API Keys

Programmatic access tokens for the Planna REST API. Treat keys like passwords — they grant full access to the scopes they hold.

Active keys

3 keys can authenticate API requests.

3 active

Production Server

pk_live_8f2a••••••••••••
tasks:readtasks:writeprojects:readprojects:write
Created Jan 4, 2026 Last used 6h ago

Staging CI

pk_test_2c91••••••••••••
tasks:readprojects:read
Created Mar 5, 2026 Last used 1d ago

Analytics Pipeline

pk_live_a1b9••••••••••••
analytics:read
Created Apr 4, 2026 Last used 6h ago

Revoked keys

Kept for audit history. No longer functional.

1 revoked

Legacy Webhook

pk_live_77de••••
Revoked

API best practices

  • Use the narrowest scopes possible — never request write access you don't need.
  • Rotate keys every 90 days, and immediately if a key leaks.
  • Store keys in a secrets manager (Vault, AWS Secrets Manager, Doppler).
  • Never commit keys to Git. Use environment variables.