Articles on: Integrations

How to use API keys?

Summary

API keys let external systems, such as WordPress or WooCommerce integrations, communicate securely with your Clonable account. In this article, you will learn where to create an API key, what access it provides, and how to revoke it if it is ever exposed.


You must be the account owner (API keys grant access to the owner’s account data)


FAQ

Are API keys created automatically?

Sometimes. Clonable may auto-create an API key during WordPress or WooCommerce clone setup.


Can I rename an API key later?

No. The name is only a visual label. Create a new key and revoke the old one if needed.


What should I do if my API key was shared by accident?

Revoke it immediately and create a new one.



⏱️ Reading time: 3–5 minutes


Table of contents



Where API keys live

API keys are managed at the account level, not inside a specific clone.


You can find them in your profile settings:

  1. Open the Clonable dashboard
  2. Click your name at the top
  3. Select Profile
  4. Scroll to the API key table at the bottom of the page





Create an API key

In some cases, Clonable creates an API key automatically, for example when setting up a WordPress or WooCommerce clone.


If no key exists yet, you can create one manually:

  1. Open Profile settings
  2. Locate the input field above the API key table
  3. Enter a name for the key (this is only a visual label)
  4. Create the key and copy it immediately


Use a clear name like “WordPress”, “WooCommerce”, or the name of the connected tool.



Access and security

An API key provides access to data within your Clonable account. Treat it like a password.


Good security practices:

  • Store the key in a password manager or secrets vault
  • Never paste it into tickets, chats, or shared documents
  • Only use it in trusted systems that truly need access


Clonable will never ask you to share your API key. If someone asks, assume it is a scam.



Revoke an API key

If you believe an API key has been leaked, revoke it immediately.


Steps:

  1. Go to the API key table in Profile
  2. Find the key you want to disable
  3. Click Revoke API key in the Actions column


After revoking:

  • Any system using that key will stop working
  • Create a new key and update the external system with the new value



What the Clonable API can do

Depending on the integration, API access can include:

  • Creating sites
  • Creating clones
  • Viewing sites
  • Viewing clones
  • Retrieving profile information
  • Retrieving available languages


Because API keys can access sensitive account data, only the account owner can create API's


Updated on: 06/02/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!