> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pleo.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Standalone API Key Workflow Guide
export const NoteCallout = ({title, children, icon = "💡"}) =>
;
Standalone API Keys are [**not available to all customers**](/docs/current/authentication/standalone-api-keys-overview).
This guide walks through the **end-to-end workflow** for using Standalone API Keys with Pleo APIs. You'll be using **cURL** to make the API calls.
If you prefer to test with Postman:
* Follow Step 1 of this guide to create your Standalone API Key, then
* Follow the [How to Make an API Call Using a Standalone API Key (Postman)](/docs/current/how-tos/api-keys/how-to-make-an-api-call-using-standalone-api-keys-postman) article to configure Postman and make your first API call.
## Before You Start
You must have:
* [Access to the **Pleo Web App**](/docs/current/how-tos/environment-access/how-to-get-access-to-all-env-standalone-api-keys) in **Staging** or **Production**
* **Admin** or **Bookkeeper** permissions
If you do not see **API Keys** under Settings, Standalone API Keys are not enabled for your organisation.
## What You’ll Have Built
By the end of this workflow:
* You have generated a Standalone API Key
* You understand environment and permission scoping
* You have successfully authenticated against the Pleo API
## Workflow Steps
### 1. Generate Your Standalone API Key
**Purpose:** Create an API Key in the Pleo Web App for your chosen environment.
**Input:** No inputs. See [Before You Start](#before-you-start) section.
**Output:** A scoped **API Key** usable for authenticating API requests.
**Integration Design / Why It Matters:**
* Standalone API Keys authenticate API requests and are [scoped by environment, company, and permitted API scopes](/docs/current/authentication/standalone-api-keys-overview#permission-scoped-access).
* Always store API Keys [securely](/docs/current/integration-design/auth/api-keys/integration-design-security-for-standalone-api-keys) after creation. Never expose them publicly or embed them in client-side code.
If you plan to build a production integration, review the [Integration Design for Standalone API Keys](/docs/current/integration-design/auth/api-keys/integration-design-for-standalone-api-keys) page to ensure correct lifecycle and security handling.
→
***
### 2. Authenticate Your First API Request
**Purpose:** Confirm API connectivity using your Standalone API Key.
**Input:**
* API Key (authentication header)
* `company_id` associated with your Pleo company
Every request must include the correct **company\_id** to ensure proper scoping.
**Output:** A successful API response confirms your key is valid and your requests are correctly scoped.
→
***
## Result
After completing this guide:
* You have a valid Standalone API Key
* You have confirmed API connectivity
* You have a working authenticated setup
***
## What Comes Next?
* Test additional Pleo API endpoints using Standalone API Keys
* Move to OAuth 2.0 if building multi-customer integrations:
* [OAuth 2.0 Setup with Postman Workflow Guide](/docs/current/guides/oauth-workflow-guide-postman)
* [OAuth 2.0 Setup Workflow Guide (Manual Token Lifecycle)](/docs/current/guides/oauth-workflow-guide)
***
## Related Reading
* [Integration Design for Standalone API Keys](/docs/current/integration-design/auth/api-keys/integration-design-for-standalone-api-keys)
* [User Experience Guidelines for Standalone API Keys](/docs/current/integration-design/auth/api-keys/integration-design-user-exp-guidelines-for-standalone-api-keys)
* [Security and Credential Management for Standalone API Keys](/docs/current/integration-design/auth/api-keys/integration-design-security-for-standalone-api-keys)
***