Articles on: Integrations & Advanced Features

Set up API access using company API and API keys

Overview


How do I set up machine-to-machine or user-delegated access to CxPlanner for our own software?


This guide explains how your company can configure API access in CxPlanner using API keys and OAuth clients. These credentials allow you to integrate external systems, scripts, or internal tools with CxPlanner over HTTPS. The article also covers authentication types, access scopes, and how to securely manage secrets.


Only users with the company role Admin can access and manage the API area.


The API key module is an Enterprise feature, and therefore must also be enabled for your company.


When and why to use this

Use this feature when your company needs to connect CxPlanner with external systems or automate workflows.

  • When integrating scripts or external systems with CxPlanner via HTTPS
  • When setting up machine-to-machine access without user login
  • When enabling user-delegated access using OAuth PKCE
  • When controlling whether integrations can read, write, or access all projects
  • When managing, rotating, or revoking API credentials


Key points:

  • Only Admin users can access the API keys page
  • The feature requires the API key module (enterprise feature)
  • Secrets are only shown once and must be stored securely
  • Non-global integrations require project access setup
  • Global access allows access to all company projects without setup per project


How to - step by step

Open the API keys page

  1. Sign in to CxPlanner and click on your Profile-icon
  2. Go to Company profile
  3. Click API
  4. You are now on the API keys page (/company/api)





Create a new API key or OAuth client

  1. Click Generate API key at the bottom of the screen
  2. In Create new API key, enter an API name
  3. Choose an API type:
  • Static API key
  • OAuth (API user)
  • uth PKCE (individual user)
  1. Choose an API scope:
  • Developer READ API
  • Developer READ-WRITE API
  • Developer Global API
  1. Click Save




Store credentials securely

  1. Identify the type of credential created
  2. For Static API key, a dialog shows the secret
  3. For OAuth types, a dialog shows Client ID and Client Secret
  4. Copy and store these securely immediately


Secrets are only shown once. If lost, you must create a new key or client and delete the old one.


Manage existing credentials

  1. Go to the table on the API keys page
  2. Review columns such as Name, Scope, Type, Last used, and Used (count)
  3. Locate the key or client you want to remove
  4. Click Delete
  5. Confirm in the Delete API key dialog




Grant project access for scoped API users

  1. Check if the integration uses a non-global scope
  2. Identify the API user (apiservice+<unique_id>@cxplanner.com)
  3. Open each relevant project
  4. Add the API user with a suitable Project role
  5. Ensure the role matches the integration needs


Behavior and results

Authentication types

CxPlanner supports three authentication methods:

Authentication type

Use case

How it works

Typical usage

Static API key

System-to-system

Send key in header, e.g. Authorization: Apikey YOUR_STATIC_KEY

Simple integrations

OAuth (API user)

System-to-system

Use client_id and client_secret to obtain Bearer tokens (client_credentials)

Standard secure integrations

OAuth PKCE (individual user)

User-delegated

User logs in and approves access, then API uses Bearer token

User-based integrations


Scope behavior

API scope determines what the integration can do:

Scope (create dialog)

Table label

Access

Developer READ API

READ ONLY

Read access only

Developer READ-WRITE API

READ & WRITE

Read and write access

Developer Global API

GLOBAL

Access to all company projects


Project access rules

For non-global scopes, project membership is required:

Scope type

Project access required

Result

READ API

Yes

Can read data in assigned projects

READ-WRITE API

Yes

Can read and write in assigned projects

GLOBAL

No

Access to all company projects


What you see on the API keys page

The API keys page allows you to:

  • Create new API keys or OAuth clients
  • View existing credentials
  • See usage details and last activity
  • Delete and revoke access
  • Access help for API integrations


Troubleshooting

Problem

Cause

Solution

API menu is missing

API module not enabled or insufficient role

Ask an Admin to enable module or update role

Cannot click Generate API key

API feature not enabled

Contact admin or support

Error opening API page

Insufficient permissions

Use an account with Admin role

Integration cannot access project

API user not added or wrong scope

Add API user to project and verify scope

Lost API secret

Secrets only shown once

Create a new key and delete old one

Integration cannot write data

Read-only scope selected

Use READ-WRITE API

Integration cannot access all projects

Not using global scope

Use GLOBAL API


Quick facts

  • Requires: Company role Admin and API key module
  • Location: Company profile → API
  • Affects: API access, integrations, project permissions, credential security

Updated on: 04/08/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!