Skip to main content
API keys let you access the Quikly REST API programmatically. Use them with n8n, custom scripts, CI/CD pipelines, or any HTTP client.

Create an API key

1

Open API key settings

Go to Settings → API Keys in the Quikly app.
2

Click Create API Key

Enter a descriptive name (e.g., “n8n automation” or “Cursor MCP”) and select the scopes you need.
3

Copy the key

The full key is shown only once. Copy it and store it somewhere safe — you cannot retrieve it later.

Scopes

Each API key has one or more scopes that control what it can do:
ScopeAccess levelExample operations
readRead-onlyList proposals, get proposal details, AI rate recommendations
writeWrite accessCreate proposals, share proposals, send messages
read,writeFull accessAll operations (default)
Follow the principle of least privilege. If an integration only needs to read data, create a key with read scope only.

Authenticate requests

Include your API key in the X-API-Key header on every request: 
curl -X GET "https://api.getquikly.com/api/external/v1/me" \
  -H "X-API-Key: qk_your_api_key_here"

Rate limits

API calls are rate-limited per minute and capped monthly depending on your plan:
PlanMonthly quotaPer-minute limit
Starter15 calls5/min
Professional2,000 calls30/min
Agency10,000 calls60/min
LifetimeUnlimited60/min
When you exceed a limit, the API returns 429 Too Many Requests. The response includes a Retry-After header indicating when you can retry. Check your current usage with: 
curl -H "X-API-Key: qk_your_api_key_here" \
  "https://api.getquikly.com/api/external/v1/usage"
You can also pre-check before an operation: 
curl -H "X-API-Key: qk_your_api_key_here" \
  "https://api.getquikly.com/api/external/v1/usage/precheck?operation=proposal_create"

Manage existing keys

In Settings → API Keys, you can:
  • Rename a key to keep your list organized
  • Deactivate a key temporarily without deleting it
  • Revoke a key permanently — revoked keys cannot be reactivated

Security best practices

Never commit API keys to version control or expose them in client-side code.
  • Use environment variables to store keys in your deployment environment.
  • Rotate keys periodically — create a new key, update your integrations, then revoke the old one.
  • Use the narrowest scope that your integration requires.
  • Set expiration when creating keys for temporary integrations. You can specify expires_in_days during creation.
  • Monitor usage by checking the usage endpoint or the API Keys page in the dashboard. Each key shows its last-used timestamp.
  • Revoke immediately if a key is compromised.

Key format

Quikly API keys follow the format qk_ followed by a random string. When you view keys in the dashboard, only the prefix (e.g., qk_abc1...) is visible — the full key is only shown at creation time.