Skip to main content

Developer Portal & API keys

Maya Collins
Updated
Open in ChatGPTOpen in ClaudeView as Markdown

The Developer Portal is where you manage everything that connects to your REPSLog data over the API: your API keys, the scopes they grant, a live Playground for testing, and the full API reference. It is also the same place ChatGPT and Claude send you when you connect those assistants.

This article walks through signing in, creating a key, choosing scopes, rotating and revoking keys, using the Playground, and finding the docs.

Premium feature. API access is part of REPSLog Premium. If you are on Free or Starter, you can still open the portal and sign in, but creating a key prompts you to upgrade.

Signing in

Open api.reps-log.com in any browser. Sign in with the same account you use in the REPSLog app. The portal supports the same sign-in methods as the app:

  • Magic link (email)
  • Google
  • Passkey

There is nothing new to register. Once you are signed in, your keys and settings follow your REPSLog account.

Developer Portal sign-in

Creating an API key

  1. From the portal, go to Keys and select New key.
  2. Give the key a name you will recognize later, for example Zapier automation or My logging script.
  3. Choose the scopes the key should have (see below).
  4. Optionally set an expiry date. After that date the key stops working automatically.
  5. Select Create.

Create-key wizard: name your key

Copy your key now: it is shown only once

When the key is created, the portal shows the full secret value once. It looks like this:

rl_a1b2c3d4.e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

Copy it immediately and store it somewhere safe. For security, REPSLog never stores the full secret, so this is the only time it is ever displayed. If you close this screen without copying it, you cannot recover the value. You will have to rotate the key (or create a new one) to get a fresh secret.

One-time key reveal

Scopes

Scopes control what a key is allowed to do. You pick them per key, so you can hand out a read-only key for a dashboard and keep a separate read-write key for automation.

Scopes are organized per resource, for example:

  • Time logs: read your logged hours, or read and write new entries
  • Properties: read your property list
  • Categories: read your categories
  • Participants: read your participants
  • Hours summary: read totals and breakdowns

Grant only what each integration needs. A key that just reads reports does not need write access.

Choose permissions (scopes)

Rotating a key

Rotating replaces a key's secret with a brand new one while keeping the same key name and scopes. Use it when you suspect a secret may have been exposed, or on a regular schedule as good hygiene.

  1. Open the key from your Keys list.
  2. Select Rotate.
  3. Copy the new secret on the one-time reveal screen, exactly as you did at creation.
  4. Update every integration that used the old secret. The old secret stops working right away.

Key actions: rotate and revoke

Revoking a key

Revoking permanently disables a key. Any integration using it stops working immediately. This cannot be undone, so for an active integration, rotate instead of revoke unless you intend to shut it off.

  1. Open the key from your Keys list.
  2. Select Revoke and confirm.

A revoked key stays in your list (marked revoked) so you keep a record of what existed.

Filtering your keys list

The Keys list has filters so you can focus on what matters:

  • Active: keys that currently work
  • Revoked: keys you have disabled
  • All: everything, active and revoked together

API keys list with Active/Revoked/All filter

Playground: try endpoints live

The Playground lets you call any API endpoint right in the browser using one of your own keys, so you can see real responses before writing a single line of code.

  1. Open Playground in the portal.
  2. Pick the key you want to use.
  3. Choose an endpoint, fill in any parameters, and send the request.
  4. Inspect the live response.

The key you select is held in memory for that session only. It is not saved into the page.

Playground

Where the API docs are

The full API reference, with every endpoint, parameter, and example, lives at:

api.reps-log.com/v1/docs

The portal's Getting Started page also walks through the auth model and includes ready-to-run curl examples that link into those docs.

API reference

Keeping your keys secure

Treat an API key like a password. Anyone who has it can act on your REPSLog data within that key's scopes.

  • Store keys safely. Use a secrets manager or your platform's environment variables. Do not paste keys into emails, chat messages, screenshots, or shared documents.
  • Never commit a key to source control. If a key lands in a public or shared repository, treat it as leaked.
  • Use the least scope needed. A read-only key cannot create or change entries.
  • Set an expiry for short-lived or experimental keys.
  • If a key is leaked, revoke it immediately (or rotate it if the integration must keep running), then update the integration with the new secret.

Related articles

  • Connecting ChatGPT to REPSLog
  • Connecting Claude to REPSLog
  • What you can do with the REPSLog API

Related articles

Comments

0 comments

Please sign in to leave a comment.