API Keys

Always keep your API Keys private. When creating your API keys, you can restrict them to a given set of permissions. In addition to your API Keys, you may use JSON Web Tokens (JWT) to authenticate to the API. See our Sessions resource for more information.

Retrieve a list of api keys

Retrieve a list of api keys.

Request
Security:
query Parameters
limit
integer [ 0 .. 1000 ]

The collection items limit.

offset
integer >= 0

The collection items offset.

sort
Array of strings

The collection items sort field and order (prefix with "-" for descending sort).

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Responses
200

A list of api keys was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

get/api-keys
Request samples
$apiKeys = $client->apiKeys()->search([
    'filter' => 'description:Test',
]);
Response samples
application/json
[
  • {
    }
]

Create an api key

Create an api key.

Request
Security:
header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Request Body schema: application/json

ApiKey resource.

description
required
string

API key description.

type
string
Default: "secret"

Type of API key.

Enum: "secret" "publishable"
Array of objects

Specify access control list here if creating a restricted API key. Send all matching permission with an empty scope to allow all permissions.

Array
required
object

Api Key scope.

permissions
required
Array of strings <operationId>

Specify individual permission here if creating a restricted API key. Use wildcard * for full access.

allowedIps
Array of strings or null <ip> (AllowedIps)

The list of allowed IP addresses. Private subnets are not allowed. Set to null to remove restrictions.

Responses
201

Api Key was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

post/api-keys
Request samples
application/json
{
  • "description": "string",
  • "type": "secret",
  • "acl": [
    ],
  • "allowedIps": [
    ]
}
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "description": "string",
  • "type": "secret",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "apiUser": "string",
  • "secretKey": "string",
  • "createdTime": "2019-08-24T14:15:22Z",
  • "_links": [
    ]
}

Retrieve api key

Retrieve api key with specified identifier string.

Request
Security:
path Parameters
id
required
string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Responses
200

Api key was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

get/api-keys/{id}
Request samples
$apiKeys = $client->apiKeys()->load('apiKeyID');
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "description": "string",
  • "type": "secret",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "apiUser": "string",
  • "secretKey": "string",
  • "createdTime": "2019-08-24T14:15:22Z",
  • "_links": [
    ]
}

Create or update api key with predefined ID

Create or update api key with predefined identifier string.

Request
Security:
path Parameters
id
required
string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Request Body schema: application/json

ApiKey resource.

description
required
string

API key description.

type
string
Default: "secret"

Type of API key.

Enum: "secret" "publishable"
Array of objects

Specify access control list here if creating a restricted API key. Send all matching permission with an empty scope to allow all permissions.

Array
required
object

Api Key scope.

permissions
required
Array of strings <operationId>

Specify individual permission here if creating a restricted API key. Use wildcard * for full access.

allowedIps
Array of strings or null <ip> (AllowedIps)

The list of allowed IP addresses. Private subnets are not allowed. Set to null to remove restrictions.

Responses
200

ApiKey was updated.

201

ApiKey was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

422

Invalid data was sent.

put/api-keys/{id}
Request samples
application/json
{
  • "description": "string",
  • "type": "secret",
  • "acl": [
    ],
  • "allowedIps": [
    ]
}
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "description": "string",
  • "type": "secret",
  • "acl": [
    ],
  • "allowedIps": [
    ],
  • "apiUser": "string",
  • "secretKey": "string",
  • "createdTime": "2019-08-24T14:15:22Z",
  • "_links": [
    ]
}

Delete api key

Delete api key with predefined identifier string.

Request
Security:
path Parameters
id
required
string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters
Organization-Id
string (ResourceId) <= 50 characters
Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21
Responses
204

ApiKey was deleted.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

409

ApiKey has related resources and cannot be deleted.

delete/api-keys/{id}
Request samples
$client->apiKeys()->delete('apiKeyID');
Response samples
application/json
{
  • "status": 400,
  • "title": "string",
  • "detail": "string",
  • "error": "string"
}