API Access

API Access lets you integrate InvyMate data with your tools (dashboards, reporting, scripts).

If you need outbound push instead of polling, use Webhooks.

What it is

With API Access, you can generate API keys and call protected endpoints using those keys.

In-app workflow (current UI)

• Navigate to Configuration → API Keys
• Create an API key
  • Choose a name (e.g., “IT audit export script”)
  • (Optional) authenticate as a service account (UI supports this toggle)
• Copy the token
  • The token is shown only once
  • Store it in a secret manager (1Password, Vault, AWS/GCP secret store, etc.)
• Rotate / revoke keys as needed
• Use the correct auth header format for integrations:
  • Authorization: ApiKey <token> for API keys

API configuration

Use tenant-scoped API URLs.

• Production pattern: https://<tenant-subdomain>.invymate.com/api/v1/... Important:

• Tenant/workspace resolution uses the request host/subdomain.

• Wrong subdomain means wrong tenant context.

• API keys work only with Authorization: ApiKey <token>.

For endpoint contracts and payload schemas, see:

• API Endpoints (Overview)
• Webhooks

API keys vs webhooks

• API keys are for your system to call InvyMate APIs.
• Webhooks are for InvyMate to send signed lifecycle events to your endpoint.
• Webhook management is Owner-only in Configuration and Pro-gated.

Related docs

• API Endpoints (Overview)
• Webhooks
• Roles & Permissions
• Plans & Pricing (Overview)