Generate & Manage API Keys

What API keys are for and how to manage them: create a key (shown only once), name it clearly, and revoke or delete it. Keys authenticate the extension, the agent, and integrations like your SIEM.

An API key lets a program connect to your organization in Zeuslock — your browser extension, the desktop agent, and integrations like your SIEM all authenticate with a key. Anyone who has a key can act for your organization, so treat it like a password.

Where to manage keys

Open API Keys in the sidebar — "Manage keys for extension and integrations." The table lists each key's Name, a masked Key (for example zl_…), Status (Active or Revoked), Created date, and Actions.

Create a key

  1. Click + Create a key.
  2. Give it a clear name — for example "SIEM – Splunk" or "Windows rollout."
  3. The full key is shown only once. Copy it right away and store it safely (a password manager or your tool's config). After you close the dialog, only the masked version is ever shown again.

Tip: use one key per integration. That way, if a key leaks or you retire a tool, you can revoke just that one without disrupting the others.

Revoke or delete a key

  • Revoke an active key to stop it working immediately — use this if a key may have leaked, or a tool is decommissioned.
  • Delete a revoked key to remove it from the list permanently.

Where you will use the key

When you set up the extension, the agent, or a SIEM client, you will need two things: the key, and your API URL (shown on this page, for example https://api.zeuslock.ai). Keep keys out of source code and never share them publicly.