You can generate your own API key from the Tracksuit dashboard, if you have admin access. If you donāt have admin access, reach out to an existing admin in your account, or your Tracksuit Brand Champion.
The Tracksuit Public API uses Bearer token authentication. Every request must include an Authorization header containing your API key:
Authorization: Bearer YOUR_API_KEY
Requests without a valid token are rejected.
Generating an API key
In the Tracksuit dashboard, click the settings cog and open Account Settings.
Open the Tokens tab (next to Users at the top).
Click Generate new token.
Give it a name you'll recognize later (e.g. "Power BI pipeline" or "Snowflake integration") so you know why it was created.
Copy the token and store it somewhere safe, like a password manager.
Your token is shown only once. Tracksuit will not display it again or re-share it after you close the dialog. If you lose it, generate a new one.
What your token can access
Your token inherits the access of the user who generated it. It can only read the category views (dashboards) that user has access to.
If you need data for additional brands, categories, or markets, make sure you have dashboard access to them. Your Brand Champion or account admin can arrange access, and those category views will automatically be available through the API.
Use a service account for production integrations. Rather than generating a token under a personal login, create a dedicated user (e.g. data-integrations@yourcompany.com), give it admin access, and generate the token from there. This keeps the integration working if someone leaves, and makes API usage easier to identify in our logs.
Existing v1 API users
If you already use the Tracksuit v1 API, your existing key also works with the v2 beta. You don't need to generate a new one.
Token validity
Tokens are valid for 365 days from the date they're created. There is no refresh mechanism ā when a token expires, or whenever you need to rotate it, generate a new token and update wherever the old one was used.
Set a reminder ahead of the 365-day expiry so your integration doesn't stop working unexpectedly.
Keep your key secure
Never commit your key to a public repository or share it in Slack or email.
If you suspect a key has been exposed, generate a new one and revoke the old token.
