API keys let external applications read your ClashWise data through the Developer API — for example, pulling your clash sets into PowerBI, Excel, Tableau, or a custom dashboard. The API is read-only: external tools can retrieve your data but never change it.
Each key is a Client ID / Client Secret pair used with Basic Authentication.
Who can use API keys
API access requires an active Clash Management plan (Pro or Business), including the free trial. Without one, the API ACCESS card on your Profile shows a CLASH MANAGEMENT REQUIRED pill and the generate button is disabled.
Generating a key
- Sign in at https://clashwise.ai.
- Open the navigation drawer and select Profile.
- Scroll to the API ACCESS card ("Manage your API keys for external integrations").
- Select Generate New API Key and give the key a descriptive name, such as "PowerBI Integration".
- The API Key Details dialog appears with your Client ID and Client Secret (Shown Once).
- Copy the Client Secret now and store it somewhere safe — it is shown only this once and can never be retrieved again. Then select I have copied my secret.
Your keys are listed in a table showing Name, Client ID, Created, and Last used, with a Revoke key action on each row.
Using a key
Authenticate with Basic Authentication: use the Client ID as the username and the Client Secret as the password. Most tools (PowerBI, Excel, Postman) have a "Basic" authentication option that handles the encoding for you.
For the available endpoints, requests, and responses, see the other articles in this section:
- Getting Your Clash Sets in External Applications
- Getting Available Contacts
Revoking a key
Select Revoke key next to the key you want to remove. You'll be asked to confirm: "Are you sure you want to revoke this API key? Any applications using it will stop working immediately."
Revoke a key whenever:
- you suspect the secret has been exposed (shared in a chat, committed to source control, left in a shared file),
- an integration is retired,
- the person who set up the integration leaves your team.
Revocation takes effect immediately and cannot be undone — generate a new key and update your integration with the new credentials.
Limits
- Maximum of 5 API keys per account.
- The Client Secret is shown once at creation and is unrecoverable afterwards. If you lose it, revoke the key and generate a new one.
- Keys give read-only access to your data via the export endpoints; they cannot modify anything.
Security best practices
- Treat the Client Secret like a password: never share it, email it, or commit it to version control.
- Use a separate key per integration (one for PowerBI, one for your internal dashboard, and so on) — then you can revoke one integration without breaking the others, and the Last used column tells you which keys are actually in use.
- Review your key list occasionally and revoke anything you no longer recognize or use.
Troubleshooting
- The generate button is disabled / I see CLASH MANAGEMENT REQUIRED — your account doesn't have an active Clash Management plan. See the Subscriptions and Billing article in the Account, Plans & Billing section.
- My requests return 401 Unauthorized — check that the Client ID is the username and the Client Secret is the password, with no extra spaces, and confirm the key hasn't been revoked (it should still appear in your key list).
- I lost my Client Secret — it can't be recovered. Revoke the old key and generate a new one.
Related topics
- Getting Your Clash Sets in External Applications
- Getting Available Contacts
- Your Profile (Account, Plans & Billing section)