Manage API Keys and Webhook Keys
Manage API Keys and Webhook Keys
Overview
Use this guide to manage external integration credentials. Both API keys and webhook endpoints are managed directly in the SchoolBanks web admin experience.
Prerequisites
- Admin access to Admin > Settings.
apikeys.read to view API keys.apikeys.create, apikeys.rotate, or apikeys.revoke for the matching API key action.webhooks.read to view webhook endpoints; webhooks.manage to create, toggle, delete, or test them.- A secure place to store new secret values before generating or rotating credentials.
Step-by-step procedure
- Open Admin.
- Open Settings.
- Select API Keys (
/Admin/ApiKeys) to manage tenant API credentials. - In Create API Key, enter Client Name and optionally Expires At.
- Select Generate Key.
- Copy the generated key immediately. The secret value is intended to be shown only during creation or rotation.
- Review Active Keys to confirm the client, expiration, and status.
- Use Rotate when replacing an active credential.
- Use Revoke when a credential should no longer be accepted.
- Review Revoked / Inactive Keys when confirming that old access was removed.
- Return to Settings and select Webhook Keys (
/Admin/Webhooks) when webhook endpoint management is needed. - On the Webhooks page, use Create Webhook Endpoint, Target Url, Max Retries, Test, Disable, Enable, and Recent Deliveries to configure and validate webhook delivery. Disable or enable endpoints as needed during rollout or maintenance.
Variations / branching flows
- Planned rotation: generate or rotate the key, update the external system, validate traffic, then revoke the prior credential.
- Emergency revocation: revoke the key first, then coordinate a replacement with the integration owner.
- Webhook delivery validation: use Test before enabling a new endpoint for production events.
- Webhook pause: disable the endpoint during receiving-system maintenance, then enable it again after a successful test.
Expected outcomes
- New API keys appear in Active Keys with the expected client name and expiration.
- Rotated keys work for the external caller, while the replaced secret no longer works.
- Revoked keys move to Revoked / Inactive Keys and no longer authenticate API calls.
- Webhook endpoints can be tested and their recent delivery results are visible in Recent Deliveries.
Troubleshooting / edge cases
- If Generate Key, Rotate, or Revoke is unavailable, confirm the admin role includes the matching API key permission.
- If
/Admin/Webhooks does not show endpoints, confirm the admin role includes webhooks.read. - If a webhook test fails, validate the target URL, TLS certificate, firewall rules, receiver availability, and expected signing-secret handling.
- If an integration still works after revocation, confirm it is not using another active key for the same client.
- If the secret was not copied when shown, rotate the credential and store the replacement securely.
Related processes
- Configure Tenant Settings and Options
- SIEM Configuration Guide
Assumptions and gaps
- Webhook secret display behavior follows the same secure-handling expectation as API keys: copy new secrets at creation or rotation time.
Related Articles
Configure Tenant Settings and Options
Configure Tenant Settings and Options Overview Use this guide to open the admin settings hub and choose the correct tenant configuration area. The settings hub is reached at /Admin/SettingMenu, which renders the same settings dashboard as the Admin ...
Review and Manage Chargeback Cases
Review and Manage Chargeback Cases Overview Use this guide to review district chargeback cases, filter the case list, add timeline notes, and attach document metadata. The current admin entry point is Financial > Chargebacks (/Admin/Chargebacks). ...
Manage Automated Reminder Rules
Manage Automated Reminder Rules Overview Reminder Rules let district administrators define who receives automated reminder messages, when rules are eligible to run, which email template is used, when delivery should stop, and which escalation ...
Manage Financial Export Templates
Manage Financial Export Templates Overview Use this guide to create and maintain financial export templates. Templates define the export columns and order used by financial export batches. The current admin route is /Admin/Finance/ExportTemplate. ...
Manage Roles and Permissions
Manage Roles and Permissions Overview Use this guide to create staff roles, update role status, and assign permission sets from the Roles and Permissions admin page. Role changes affect what menu areas and actions staff can use after their next ...