Skip to main content

API Keys

Pro plan. API access requires a Pro plan. View plans.

API keys authenticate requests to the CalendarPipe REST API and to CalDAV. Every key belongs to your account and grants the same access as you do.

Create a key

  1. Open API in the CalendarPipe sidebar.
  2. Enter a name in Generate New Key (for example, Production server).
  3. Click Generate.
  4. Copy the key immediately. CalendarPipe shows the full key once and stores only its hash — there is no way to retrieve it later.

Keys look like this:

cp_8f3a1c4e9b7d2f6a5c8e1b4d7f0a3c6e9b2d5f8a1c4e7b0d3f6a9c2e5b8d1f4

The first eight characters (cp_8f3a1c) are the prefix. CalendarPipe lists the prefix on the API page so you can identify keys later, but the full key is never shown again.

Authenticate a request

Pass the key in the Authorization header:

GET /api/v1/hosted-calendars
Authorization: Bearer cp_8f3a1c4e9b7d2f6a5c8e1b4d7f0a3c6e9b2d5f8a1c4e7b0d3f6a9c2e5b8d1f4

For CalDAV, use the key as the password — see CalDAV Setup.

Scope and lifetime

  • A key grants the same access your account has. There are no per-key permission scopes.
  • Keys do not expire automatically. They remain valid until you revoke them.
  • The Last Used column on the API page shows the most recent successful authentication, useful for spotting unused keys.

Revoke a key

On the API page, click Revoke next to the key. Revocation is immediate — subsequent requests with that key receive 401 Unauthorized. Revocation cannot be undone; generate a new key to restore access.

Storage and rotation

  • Treat keys like passwords. Store them in your secrets manager (1Password, AWS Secrets Manager, Vercel environment variables) and never commit them to source control.
  • Rotate by generating a new key, deploying it, then revoking the old one. Old and new keys can coexist during the cutover.
  • If a key is exposed (committed to a public repo, posted in a screenshot, leaked in logs), revoke it immediately and generate a replacement.
  • Errors — status codes returned when authentication fails.
  • CalDAV Setup — using an API key with CalDAV clients.
  • API Reference — the interactive REST reference.