Create and manage Keep API keys
API keys let you use Keep from the CLI, scripts, agents, and your own apps. Keep has two kinds of keys: a personal key with full access to your account, and scoped keys that give read-only access to a single tag or collection.
Create and manage both from Settings / Integrations / API.
Personal API key
Your personal key has full access to your account. Use it for the CLI, your own scripts, and anywhere you need to read and write your own data.
- Go to Settings / Integrations / API.
- Create your personal key.
- Copy it. The full key is shown only once.
Send the key as a Bearer token on every request:
curl https://keep.md/api/me \
  -H "Authorization: Bearer $KEEP_API_KEY"
If you ever need to replace a key, roll it to generate a new one. Rolling invalidates the old key immediately, so update it everywhere it is stored.
Scoped keys
Scoped keys are read-only. They are useful when you want to give a tool or another person access to part of your library without handing over full account access. A scoped key can be limited to:
- All items -- read-only access across your whole library
- A tag -- read-only access to items with one tag
- A collection -- read-only access to items in one collection
Scoped keys can read items, tags, collections, and highlights. They cannot save, update, delete, or change account settings.
Create a scoped key
- Go to Settings / Integrations / API.
- Select New scoped key.
- Choose the scope (all items, a tag, or a collection) and an optional name.
- Select Create key.
The key is shown once. Copy it before closing the dialog.
Roll or revoke
Each scoped key can be rolled to replace it with a new value, or revoked to remove access entirely. Both take effect immediately.
Using a key
Every Keep API and CLI request authenticates with a Bearer token. With the CLI, save your key once:
keep key YOUR_API_KEY
For requests, set the Authorization header:
curl "https://keep.md/api/items?limit=10" \
  -H "Authorization: Bearer $KEEP_API_KEY"
A request made with a scoped key only returns items inside that key's scope, and write requests are rejected.
Keep your keys safe
- Treat keys like passwords. Anyone with a key can act within its access.
- Store keys in environment variables or a secrets manager, not in source control.
- Roll or revoke a key right away if it might be exposed.
- Prefer a scoped, read-only key when something only needs to read part of your library.
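One way to enforce the "not in source control" rule is a pre-commit check that flags files where a Keep credential appears as a literal instead of a variable reference. The function below is an added example, not part of Keep or its CLI; the name scan_keep_secrets is hypothetical, and it keys on the three contexts this page shows (the Authorization header, the keep key command, and the KEEP_API_KEY variable).

```shell
#!/bin/sh
# Added example, not Keep's own tooling. Matching is by context (header, CLI
# command, variable name) because the page does not document a key format.

# scan_keep_secrets FILE...
# Prints "file:line: reason" for each finding and never echoes the token, so
# the key does not end up in CI logs. Returns 1 on findings, 0 when clean.
scan_keep_secrets() {
    awk '
    BEGIN { found = 0 }
    # Variable references ($VAR, ${VAR}, {var}) and doc placeholders are fine.
    function is_ref(tok) { return tok == "" || tok ~ /^([$<{]|YOUR_)/ }
    function flag(why) { printf "%s:%d: %s\n", FILENAME, FNR, why; found = 1 }
    # Token that follows regex prefix pre, minus one optional opening quote.
    function after(pre,    s) {
        if (!match($0, pre "[\"\047]?[^ \t\"\047]*")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub(pre "[\"\047]?", "", s)
        return s
    }
    {
        if (!is_ref(after("Authorization[\"\047]?[ \t]*:[ \t]*[\"\047]?Bearer[ \t]+")))
            flag("literal Bearer token in Authorization header")
        if (!is_ref(after("(^|[ \t;&|])keep[ \t]+key[ \t]+")))
            flag("literal key passed to keep key")
        if (!is_ref(after("KEEP_API_KEY[ \t]*(=|:[ \t])[ \t]*")))
            flag("literal value assigned to KEEP_API_KEY")
    }
    END { exit found }
    ' "$@"
}

# Typical use from a pre-commit hook (staged files only):
#   git diff --cached --name-only -z | xargs -0 sh -c '. ./scan.sh; scan_keep_secrets "$@"' sh
```

A finding means the key has already been written to disk in plain text, so roll it as well as removing it from the file.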
For the full list of endpoints, see the API reference. To call the API from the terminal, see the CLI.