AI Integrations (MCP & API) Last reviewed April 2026

Revoking keys and security best practices

Your API keys are powerful — anyone who has one can read and change your organization's data. A few simple habits keep them safe.

One key per device or assistant

Make a separate key for each place you use it: one for Claude on your laptop, one for ChatGPT, one for any developer on your team. If a single device gets lost or a team member leaves, you revoke only that one key — everything else keeps working.

Rotate every few months

A good rhythm is to replace keys every 3–6 months. Create a new one, update the tool that uses it, and revoke the old one. This is especially important if your team has changed.

If a key leaks, revoke it immediately

  1. Go to /admin/api_keys.
  2. Find the key (use the name to identify it — that's why naming them well matters).
  3. Click Revoke. The key stops working instantly.
  4. Create a new key and update the tool that was using the old one.
📸 Screenshot: revoke button on the API Keys list

What a leaked key cannot do

Even a stolen key has limits:

  • It can only access your organization's data. It cannot see or touch any other organizer's information on Convene.
  • It cannot change your login password, your Stripe account, or your organization's billing settings.
  • It cannot be used to sign in to the website as you.
  • Every action the key takes is recorded in your Audit Log with the key's name — so you always have a record of what happened.

Where to store keys safely

  • Do: use a password manager (1Password, Bitwarden, Apple Passwords).
  • Do: paste directly into the Claude Desktop config or the ChatGPT Action — these are stored locally or in your account.
  • Don't: email a key, send it over Slack, paste it into a shared Google Doc, or commit it to a code repository.

Who on my team should have keys?

Only people who are already market managers or admins for your organization should create keys. Right now, anyone logged in to the admin panel can create keys for the organization — treat that access accordingly.

Questions?

If you think a key has been leaked or misused, revoke it immediately and then email hello@convene.markets. We can help you review your Audit Log to see what happened.

Related Articles

AI Integrations (MCP & API)

Interested in building an integration with Convene Markets?

We're building an API for Convene and would love to hear from developers and service providers interested in integrating with our platform. Whether you run ...

Read article
AI Integrations (MCP & API)

Run your markets by chatting with Claude or ChatGPT

You can now manage your markets by talking to an AI assistant like Claude or ChatGPT. Ask it "what's pending today?" or "approve booking 123" and it handles ...

Read article
AI Integrations (MCP & API)

Create your API key (step-by-step)

Before Claude, ChatGPT, or any other tool can work with your Convene data, you need an API key. Think of it like a password that you give to one specific app...

Read article
AI Integrations (MCP & API)

Connect Claude Desktop to your markets

Claude Desktop is a free app from Anthropic. Once you connect it to Convene, you can run your markets by chatting with Claude — no more clicking through admi...

Read article

Was this article helpful? Still have questions?

Contact Support