API Authentication

Authentication logic - API key

To establish connectivity with an Inspectorio Server API, you can now use an API Key.

What is an API Key?

An applicaton programming interface key (API Key) is a unique code, primarily used to identify the calling program or its user. An API Key identifies and validates the source of an API request.

Inspectorio’s API Keys are unique, random, and non-guessable. API Keys that are generated by Inspectorio use alphanumeric, special characters and they don’t expire unless removed.

Why do we use API Key?

To establish connectivity with an Inspectorio API, you must authenticate your request.

With this authentication logic, you can use an API Key to make the integration between Inspectorio APIs and your server easier, specifically not having to refresh tokens after a certain amount of time. Moreover, it is one of the most secure authentication methods in practice.

How do I generate my API Keys?

You manage your API Keys within the Inspectorio Rise web platform, accessible via web browser. An Admin or Account Owner of your organization on the Inspectorio Rise platform has access to create and manage API Keys.

This API key management page will be displayed in the View Organization Settings of your account:

Request Header Format

An API Key will be generated and activated when you click on button Create API Key in the Inspectorio Rise platform.

Request Header Format

By using this API Key feature, you can:

  • Add multiple API Keys for your organization
  • Add/Edit/Delete a description for each API Key
  • Remove any API Key from Inspectorio platform (The removed API Key cannot be used to authenticate your request to Inspectorio Server API anymore).

Request Header Format

API Key identification and storage

An organization can have multiple API Keys. The API Keys are secure and usable only within one organization. You cannot use one organization’s Key to send an API request for another organization.

Please make sure you store your API Keys safely somewhere right after it created because Inspectorio will not store any API Key, and we cannot restore it for you.

When you navigate back to the API Key feature, your API Key will be shown as hidden text. We just display the prefix as a hint in case you want to remove this API Key.

We recommend that you add a description for each API Key so you can track the purpose of each Key. This will ensure that you do not make a mistake when removing a Key later on.

Request Header Format

How do I authenticate my request by API Key?

As soon as your API Key has been generated from within the Inspectorio Rise platform, you can use this Key to authenticate your Inspectorio API’s requests by adding the header key: apiKey with the value of the created key.

Request Header Format

The API Key will be valid until it is removed from your API Key Management page, or the creator is removed from the Inspectorio Rise platform. If you try to authenticate with the wrong API Key value or an API Key already removed from the Inspectorio Rise platform, then you will see the following error message in the request body.

{
    "errorCode": "Generic",
    "message": "API Key is invalid"
}