Skip to main content

Interactive Tutorial

Coming soon: Interactive Clueso video will be available here. For now, follow the step-by-step guide below.

Overview

API Keys in gu1 allow you to integrate the platform with your own systems, automate workflows, and access data programmatically.

What are API Keys?

An API Key is an authentication credential that identifies your application when making requests to the gu1 API. It’s like a password, but designed to be used by applications instead of human users.
Security: Treat your API keys like passwords. Never share them publicly, don’t include them in versioned code (Git), and rotate them periodically.

Types of API Keys

Production Key

For real data
  • Accesses production data
  • Modifies real entities
  • Charges for integration usage
  • Sends webhooks to real endpoints
  • Requires maximum security

Sandbox Key

For development and testing
  • Accesses sandbox data
  • Isolated environment
  • No additional cost
  • Ideal for development
  • Can be shared in dev teams

Create a New API Key

1

Access Settings

Navigate to Settings > API Keys in the left sidebar.
2

Click 'Create API Key'

In the top-right corner, click the + Create API Key button (blue).
3

Configure the API Key

Fill in the information:Key Name:
  • Use a descriptive name (e.g., “Integration Zapier”, “Mobile App”, “Data Pipeline”)
  • This helps identify usage later
Environment:
  • Production: For production applications
  • Sandbox: For development and testing
Permissions (optional): By default, the key inherits permissions from your user. You can restrict:
  • Read: Data read-only
  • Write: Create and modify entities
  • Delete: Delete entities
  • Execute: Execute rules and integrations
4

Copy the API Key

IMPORTANT: The complete API key will be shown only once. Copy it immediately to a safe place.
The key will have this format:
gk_production_z1UGrahVx9NA2NG6Pj-6ZuZlFf64CEV73SpUqtt_4fflydka8MmdVAxT0cLqO3d5
Prefixes:
  • gk_production_... - Production key
  • gk_sandbox_... - Sandbox key
5

Store Securely

Recommended options:
  • Password manager: 1Password, LastPass, Bitwarden
  • Environment variables: .env (don’t commit to Git!)
  • Secret managers: AWS Secrets Manager, Google Secret Manager, HashiCorp Vault
  • CI/CD secrets: GitHub Secrets, GitLab CI Variables
❌ Never:
  • Commit to code
  • Share via email/Slack
  • Include in screenshots
  • Leave in log files

Use Your API Key

HTTP Authentication

All requests must include the API key in the Authorization header: 
curl https://api.gu1.ai/entities \
  -H "Authorization: Bearer gk_production_YOUR_API_KEY" \
  -H "Content-Type: application/json"

Code Examples

const GUENO_API_KEY = process.env.GUENO_API_KEY;

// Using native fetch
const response = await fetch('https://api.gu1.ai/entities', {
  headers: {
    'Authorization': `Bearer ${GUENO_API_KEY}`,
    'Content-Type': 'application/json'
  }
});
const data = await response.json();

// Using gu1 SDK
import { GueoClient } from '@gueno/sdk';

const client = new GueoClient({
  apiKey: GUENO_API_KEY
});

const entities = await client.entities.list();

Manage Existing API Keys

View All Keys

On the Settings > API Keys page, you’ll see a list of all active keys with key information like name, environment, last use, creation, and permissions.
Security Note: Only the first and last 4 characters of the key are shown (e.g., gk_p...3d5). The complete key cannot be retrieved.

Revoke an API Key

If a key was compromised or is no longer needed, you can revoke it immediately. This action is irreversible and all integrations using this key will stop working.

Rotate an API Key

Rotation is the practice of periodically replacing a key for security. We recommend rotating production API keys every 90 days.
Rotation process: Create a new key, gradually update your systems, verify functionality, and revoke the old key.

Security and Best Practices

Secure Storage

Use environment variables, secret managers, and never commit keys to Git

Regular Rotation

Production: every 90 days, immediately if compromised

Least Privilege

Use minimum permissions needed for each integration

Monitoring

Review usage regularly and configure anomaly alerts

Rate Limits and Quotas

PlanRequests/minRequests/dayBurst
Starter6010,00010
Professional300100,00050
Enterprise1,000Unlimited200
The API returns limit information in X-RateLimit-* headers.

Next Steps

API Reference

Complete REST API documentation

gu1 SDK

JavaScript, Python, Ruby, PHP libraries

Webhooks

Configure real-time notifications

Code Examples

Ready integrations (Zapier, n8n, Make)

Need Help?

Last updated: January 2025