Manage account

The Account tab allows you to manage your account password, authentication sessions, and API access.

Changing your password

To change your password:

1. Navigate to Password

2. Enter your current password

3. Enter and confirm your new password

4. Click Change Password

Passwords must meet a minimum security requirement of 8 characters. This can be adjusted for stronger needs.

Account Limitations

Currently, Tangled only supports one account per instance. All features are available to the admin user.

---

API Keys

API keys provide programmatic access to Tangled without requiring UI access. They're ideal for automated scripts and integrations with other tools.

Creating an API Key

1. Navigate to Account → API Keys

2. Click Create API Key

3. Enter a descriptive Name (e.g., "Automation Script", "Monitoring Tool")

4. Click Generate

Important

The full API key is shown only once after creation. Copy it immediately and store it securely.

API Key Permissions

API keys have restricted permissions compared to full user access, allowing you to mark emails as opened when recipients interact with tracking links or pixels embedded in campaigns.

They cannot list, create or modify campaigns, templates, servers, sender profiles, targets, or platform settings, as well as retrieving logs or statistics. This restricted scope ensures safe monitoring and data retrieval without risking configuration changes.

If you wish to extend an endpoint to support/revoke API Keys authentication, change the user=Depends(...) authentication line in the selected route endpoint:

• get_current_user: only authentication with credentials (JWT) supported

• get_user_from_api_key: only authentication with API Key supported

• get_user_both_auths: accept both authentication types

Using API Keys

Include the API key in the Authorization header:

curl -H "Authorization: ApiKey <value>" \
     https://tangledsec.com:8000/api/campaigns

See the API Reference for complete documentation.

Revoking API Keys

If a key is compromised or no longer needed:

1. Find the key in the API Keys list

2. Click Revoke

3. The key will be immediately invalidated

Active Sessions

A list with all active login sessions for your account is available. Each session shows browser/device User agent information, IP Address, Last Seen timestamp and when the session was established.

Revoking Sessions

To log out from specific devices you can simply find the session in the Active Sessions list and click Revoke next to the session. The user will be logged out on that device.

To revoke all sessions except your current one, click Revoke All Other Sessions