# Developer API

The Developer API in Sprinto allows you to automate compliance tasks by sending security data from various source applications to Sprinto in real time. By generating and using an API key, you can authenticate and integrate Sprinto’s Developer APIs into your existing workflows, ensuring secure and efficient data exchange.

The Developer API is particularly useful for:

* Automating the ingestion of compliance-related data from integrated systems.
* Reducing manual data entry for security and compliance tasks.
* Enabling seamless communication between your systems and Sprinto’s platform.

You can view detailed technical documentation for all supported endpoints and authentication methods here: [Sprinto Developer API Documentation](https://developer.sprinto.com/docs/sprinto-developer-api-documentation#authentication).

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FVX4sqbYexaC9dxFOyxIu%2FScreenshot%202025-10-30%20at%2015.05.34.png?alt=media&#x26;token=335cdf8b-ce59-4d7f-b21c-d59160e41031" alt="" width="563"><figcaption></figcaption></figure>

***

### How Developer API Works

1. **Generate your Developer API key**
   * Navigate to **Settings > Developer API** in the Sprinto dashboard.
   * Click **Generate API key** to create a new API key.
   * You need a valid Developer API key to access Sprinto’s APIs.
2. **Use Developer API key to access Developer APIs**
   * Use the generated API key to authenticate your requests to Sprinto’s Developer APIs.
   * API keys are required in the request header for secure communication.
3. **Use Developer APIs to automate compliance tasks**
   * Integrate the APIs into your systems to automatically send compliance-related data to Sprinto in real time from supported source applications.

***

### Dashboard Actions

#### Generate a Developer API Key

1. Go to **Settings > Developer API**.
2. Click **Generate API key**.
3. The key will be displayed in the **Developer API Key** section, along with its creation date and access scope.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FwkMsFElABcFfNgPyiPFd%2FScreenshot%202025-10-30%20at%2015.06.53.png?alt=media&#x26;token=41f1603a-8c0f-4452-8345-c0f299a476be" alt="" width="563"><figcaption></figcaption></figure>

#### View All Your Keys

1. Under **Developer API Key**, click **View all your keys**.
2. This will open a list of all API keys you have generated, showing:
   * API key (partially masked for security)
   * Updated on date/time
   * Access scope (e.g., All APIs)
3. You can **disable** any active key from this screen.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FfBL2VQdKmSnC8OhAm8jC%2FScreenshot%202025-10-30%20at%2015.08.13.png?alt=media&#x26;token=80f7132d-5ded-44d1-978c-873634d3b400" alt="" width="563"><figcaption></figcaption></figure>

#### View Keys Generated by Other Admins

1. Under **API keys generated by other admins**, click **View keys**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FGbBHzEWD9YpwlWkY9cZO%2FScreenshot%202025-10-30%20at%2015.09.48.png?alt=media&#x26;token=0773bff1-9275-4a47-9d61-af882a0c556b" alt="" width="563"><figcaption></figcaption></figure>

2. This displays a masked list of API keys created by other admins, along with the owner, update date, and scope.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FnYVVn5VXQ8kzXeZnLSp7%2FScreenshot%202025-10-30%20at%2015.10.52.png?alt=media&#x26;token=d953d4ed-39d3-433c-9a9a-047b1814cf11" alt="" width="563"><figcaption></figcaption></figure>

#### Disable a Key

* From the **View all your keys** section, click **Disable key** for the API key you wish to deactivate.

***

### Best Practices

* Keep API keys secure and avoid sharing them in public repositories or unsecured communication channels.
* Rotate API keys periodically to maintain security hygiene.
* Immediately disable any compromised API key.
* Restrict the scope of the API key if possible, to limit access to only required endpoints.