Why can't team members generate API keys?

Last updated May 20, 2026 | Team management

API keys on Valid Email Checker are deliberately owner-only. When a team member logs in, the Developer link in the sidebar is hidden, and even if they navigate to /api-access directly, the page renders a notice that API access is restricted to account owners. This is one of the few hard restrictions we put on team members and it is worth explaining why, because at first glance it can feel arbitrary if the team member is the most technical person on the team.

The core reason: keys spend the shared pool silently

An API key authenticates a program — not a person sitting at a dashboard. Once it is in some script or backend service, it can verify emails 24/7, drain credits from the shared pool at whatever rate the integration runs, and there is no UI indicator that it is happening. If we let every team member generate their own key, every member becomes a potential silent credit drain point. The owner pays for all of it and might not realize until the balance hits zero.

The secondary reason: keys outlive the team-member role

API keys do not auto-revoke when a team member is removed from the account. If they did, a key that powered a production integration would die the moment HR processed an offboarding, which is obviously bad. But that means a key generated by a team member could keep working long after the member is gone — depending on how revocation is wired, this can be a real risk. Concentrating keys in the owner account makes the lifecycle predictable: the owner generates, the owner revokes, the owner reviews the key list quarterly.

How to do API integrations on a team-shared account

The pattern that works well in practice:

  1. The most technical team member writes the integration code and tests it against their own account if they have one.
  2. The owner generates an API key from Developer → API Keys and shares it through a password manager (1Password, Bitwarden) with the team member who owns the integration.
  3. The team member drops the key into their service's secrets store and the integration runs against the owner's shared credit pool.
  4. When the team member leaves or rotates roles, the owner revokes the specific key from the dashboard. The integration stops working immediately, so either swap in a replacement key or take the integration offline.

What if the owner is non-technical?

Common scenario: the owner signed up the account but the engineer building the integration is a team member. You have two clean options:

  • The non-technical owner generates the key with the engineer next to them (literally screen-share for 30 seconds), names it after the project, and hands it over. The owner is now the keyholder of record even though they did not pick the integration design.
  • If the engineer absolutely needs the ability to generate and rotate keys without owner-in-the-loop, transfer ownership of the account to them. Email support@validemailchecker.com — ownership transfer is not a self-service flow, but support can do it after identity verification on both sides.

No, we cannot grant per-member API quotas

A frequent ask is 'let team members generate keys but cap them at 1,000 credits/month.' Per-member sub-quotas do not exist anywhere in the credit system today — every verification draws from the same shared bucket. Until that ships, the cleanest control is owner-issued keys.
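
Because the credit system has no sub-quotas, an integration that holds an owner-issued key can still cap its own spend locally. The following is an added example, not Valid Email Checker code: `CreditBudget`, `verify_with_budget`, the state file and the `verify_fn` callable (standing in for whatever client call the integration makes) are assumptions, as is one credit per verification.

```python
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


class BudgetExceeded(RuntimeError):
    """Raised before a call that would push this integration past its cap."""


class CreditBudget:
    """Local monthly cap for ONE integration drawing on the shared pool.

    Client-side guard only: it does not limit other copies of the key, and it
    assumes a single process owns the state file.
    """

    def __init__(self, state_file, monthly_cap=1000, today=None):
        self.path = Path(state_file)
        self.cap = monthly_cap  # 1,000/month is the figure from the ask above
        self._today = today or (lambda: datetime.now(timezone.utc).date())

    def _load(self):
        month = self._today().strftime("%Y-%m")
        try:
            state = json.loads(self.path.read_text())
        except FileNotFoundError:
            state = {}  # first run; corrupt state raises (fails closed)
        # A new calendar month starts the counter from zero.
        used = state.get("used", 0) if state.get("month") == month else 0
        return month, used

    def spend(self, credits=1):
        """Record the spend and return credits left, or raise BudgetExceeded."""
        month, used = self._load()
        if used + credits > self.cap:
            raise BudgetExceeded(f"{used}/{self.cap} credits used in {month}")
        # Write-then-rename so a crash cannot leave a truncated counter.
        fd, tmp = tempfile.mkstemp(dir=self.path.parent)
        with os.fdopen(fd, "w") as f:
            json.dump({"month": month, "used": used + credits}, f)
        os.replace(tmp, self.path)
        return self.cap - (used + credits)


def verify_with_budget(email, verify_fn, budget):
    """Charge the local budget first, then call the real verification client."""
    budget.spend(1)
    return verify_fn(email)
```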

The full restriction matrix is in "what can team members do and not do". API keys are the loudest no, but they are not the only one.