If you head to the **Settings** tab at the top of the DeployHQ interface, then to **Security** on the left hand side, you'll be able to monitor and configure two important aspects of your user account.

{screenshot: 163}

Within the security tab, you'll be able to view and revoke any active browser sessions for your user account. You'll see a list of connections with associated IP addresses and a **Logout** button next to each one, which you can click to immediately revoke it.

Secondly, you'll see a list of personal API keys which you can use for integrating with our [API](Article: #51). You can remove previous API keys at any time, or enter a description then click **Create API Key** to add a new one.
When creating a key, you can tick **Read-only** to restrict it to read endpoints only. A read-only key can fetch information but cannot make changes (such as creating deployments, editing projects, or changing account settings), which is useful for integrations like monitoring or reporting tools. A key's read-only setting is fixed when it's created; to change it, revoke the key and create a new one.

The API key will be displayed temporarily until you first use it, so you'll need to ensure you make a note of it.