Your API Key is what lets an outside tool or AI assistant connect to your SleekTech data. It is powerful, so it is important to understand exactly what it gives access to and how to look after it. Please read this before you create a key or share it with any tool.
Only an Admin Can Create a Key
Only Admin users can create an API key. If you are not an admin, ask your administrator. This is deliberate: because a key unlocks all of your account's data, the ability to create one is limited to your most trusted users.
What the Key Can Actually See
This is the most important thing to understand:
- An API key gives full read access to everything in your account - every property, landlord, tenant, tenancy, certificate, statement and all of your financial transactions.
- It is not limited by user permissions. Even if a normal user is restricted to certain properties or screens, the key can read all of the data an admin can read, across your whole account.
- Anyone who holds the key has this same full access. The key does not know or care who is using it - treat it like a master password to your entire account.
- The connection is currently read-only - a key cannot change, add or delete anything in SleekTech. But it can read and copy everything, which is why it must be protected.
What Happens When You Give Your Key to a System or AI Assistant
When you paste your key into a tool - an AI assistant such as ChatGPT, Claude or Gemini, a spreadsheet, a reporting dashboard, or any other software - you are giving that system the ability to read all of your SleekTech data on your behalf. Be aware that this means:
- That system can pull a complete copy of your data whenever it wants to, for as long as the key remains active.
- Your data may be sent to and processed on that system's servers (for example, an AI provider's servers), outside of SleekTech. It becomes subject to that provider's own privacy and data-handling terms, not just ours.
- Anyone who can use that system - or who can see the key stored inside it - effectively has the same full access to your data.
- You are trusting that system to keep your key, and the data it reads, secure.
So only ever connect your key to tools and providers you know and trust, and only give the key itself to people you fully trust - anyone you hand it to can read everything an admin can read.
Handle the Key Like a Secret
- Keep it somewhere safe, such as a password manager. It is shown only once when created and cannot be retrieved again.
- Never post it publicly, email it, put it in a chat message, or commit it into shared code or documents.
- Give it out as little as possible. If several people or tools each need access, consider whether they truly need it - every copy is another place it could leak from.
If You Suspect Your Key Has Been Seen
If you have any suspicion that your key has reached someone who should not have it - a former colleague, a tool you no longer use, or anything that does not feel right - act immediately. Deleting a key instantly and permanently stops it from working, everywhere it is in use.
- In SleekTech, click your User Profile in the top-right corner of the screen.
- Open the API Keys tab.
- Find the key and choose Delete. The old key stops working straight away.
- Click Create API Key to generate a fresh one for your own use, and update your trusted tools with the new key.
There is no downside to replacing a key whenever you are unsure - if in doubt, delete it and create a new one.