API keys are used to authenticate requests to the Signstack API. Each API key is scoped to an organization and can be configured with specific permissions and expiration settings. API keys come in two environments: 'live' for production use and 'test' for development. The secret key is only shown once upon creation and cannot be retrieved later, so store it securely. You can list, create, and revoke API keys through these endpoints. Once an API key is created, exchange it for a short-lived access token using the token exchange endpoint.