Managing API Keys

What are API keys?

API keys let you authenticate against the FloopFloop public API to create, refine, and deploy projects from your own scripts, AI agents, or CI pipelines. If you only use the FloopFloop website, you do not need an API key.

For the full programmatic API reference, see API Overview and Authentication.

Where to find them

API keys are managed at Account → API Keys. The page lists every key on your account along with its name, masked prefix, last-used date, and creation date.

API key access requires a Business subscription. Free, Starter, and Pro accounts can view the page but cannot create keys.

Creating a key

1. Click Create key.
2. Give the key a memorable name (for example "CI Pipeline" or "Local agent") so you can recognize it later.
3. The full key is shown only once in a confirmation dialog. Copy it immediately and store it somewhere safe.
4. After you close the dialog, only the first few characters (the prefix) will ever be visible again.

All FloopFloop API keys begin with the flp_ prefix.

Limits

• Up to 5 active keys per account.
• Each key has its own rate-limit bucket — one noisy script will not block the others.
• Keys inherit your account's plan limits and credit balance.

Revoking a key

If a key is leaked or no longer needed, revoke it from the API Keys page. Revocation takes effect immediately — any in-flight request using that key will start receiving 401 Unauthorized.

Security best practices

• Never commit keys to version control. Use environment variables or a secrets manager.
• Use one key per environment (dev / staging / prod) so you can revoke a single environment without breaking the others.
• Rotate keys regularly. Create the new key, deploy it, then revoke the old one.
• Treat keys like passwords. Anyone with the key can use your credits and modify your projects.