Settings & API Keys

Account-level settings live in the Settings view, accessed from the left sidebar of the app. There are four areas: account, API keys, integrations, and credits.

Account

Basic profile management:

Name — first and last name, used in the welcome flow and in shared exports.
Email — your sign-in identifier. Changes here require confirmation.
Password — change your password. If you've forgotten it, use Forgot password from the sign-in screen instead.
Theme — light or dark. The choice is stored locally per browser; toggling it from the navbar does the same thing.

API keys

API keys authenticate external tools (most importantly the Zotero plugin) against your account.

Creating a key

In Settings → API Keys:

Click Create API key.
Give it a descriptive name (e.g., "Zotero on my laptop", "Zotero on the lab desktop"). The name is for your reference — pick something that helps you identify the key in the list later.
Click create. The key is shown once in a modal. Copy it immediately and paste it where you need it; you can't view the full key again afterward.

What you can do with an existing key

Rename — for clarity, doesn't affect the key itself.
Revoke — immediately invalidates the key. Any tool using it will start getting authentication errors. Use this if a key is lost, leaked, or no longer needed.

Best practices

One key per device or tool. Don't share a single key across multiple installations of the Zotero plugin — revoking it kills all of them at once. Issue separate keys per machine and you can revoke surgically.
Rotate occasionally. No automatic rotation today; rotation is your call. Quarterly is a reasonable cadence for keys used in long-running setups.
Don't paste keys into shared documents. Treat them as you'd treat a password.

All requests authenticated via the X-API-Key HTTP header. The Zotero plugin sends the key with every request to the backend. Errors distinguish between missing, invalid, and network failure so you can diagnose without guessing.

Integrations

Connections to external tools you've authorized. Currently this is where Zotero shows up once you've installed the plugin and successfully run Test Connection from its preferences pane.

Each integration listing shows:

The tool's name and current status.
When it last successfully called the API.
A link to revoke the integration (which revokes the corresponding API key).

Credits

Covered in detail in Credits & Billing. The settings page shows:

Current balance (recurring + add-on).
Full usage history with operation type and timestamp.
A How credits work explainer.

Signing out

Sign-out is in the navbar / user menu. Sessions are per-browser; signing out doesn't affect other devices or the Zotero plugin (which uses an API key, not your session).

What's next

Zotero Integration — installing and connecting the plugin.
Credits & Billing — usage and balance.
Troubleshooting & FAQ — common issues and fixes.