API Authentication
Authentication logic - API key
To establish connectivity with an Inspectorio Server API, you can now use an API Key
.
What is an API Key?
An applicaton programming interface key
(API Key) is a unique code, primarily used to identify the calling program or its user. An API Key identifies and validates the source of an API request.
Inspectorio’s API Keys are unique
, random
, and non-guessable
. API Keys that are generated by Inspectorio use alphanumeric
, special characters
and they don’t expire unless removed.
Why do we use API Key?
To establish connectivity with an Inspectorio API, you must authenticate your request.
With this authentication logic, you can use an API Key to make the integration between Inspectorio APIs and your server easier, specifically not having to refresh tokens after a certain amount of time. Moreover, it is one of the most secure authentication methods in practice.
How do I generate my API Keys?
You manage your API Keys within the Inspectorio Rise web platform, accessible via web browser. An Admin
or Account Owner
of your organization on the Inspectorio Rise platform has access to create and manage API Keys.
This API key management page will be displayed in the View Organization Settings
of your account:
An API Key will be generated and activated when you click on button Create API Key in the Inspectorio Rise platform.
By using this API Key feature, you can:
- Add
multiple
API Keys for your organization - Add/Edit/Delete
a description
for each API Key Remove
any API Key from Inspectorio platform (The removed API Key cannot be used to authenticate your request to Inspectorio Server API anymore).
API Key identification and storage
An organization can have multiple API Keys
. The API Keys are secure and usable only within one organization
. You cannot use one organization’s Key to send an API request for another organization.
Please make sure you store your API Keys safely
somewhere right after it created because Inspectorio will not store any API Key, and we cannot restore it for you.
When you navigate back to the API Key feature, your API Key will be shown as hidden text
. We just display the prefix as a hint
in case you want to remove this API Key.
We recommend that you add a description for each API Key so you can track the purpose of each Key. This will ensure that you do not make a mistake when removing a Key later on.
How do I authenticate my request by API Key?
As soon as your API Key has been generated from within the Inspectorio Rise platform, you can use this Key to authenticate your Inspectorio API’s requests by adding the header key: apiKey
with the value of the created key.
The API Key will be valid until it is removed from your API Key Management page, or the creator is removed from the Inspectorio Rise platform. If you try to authenticate with the wrong API Key value
or an API Key already removed
from the Inspectorio Rise platform, then you will see the following error message
in the request body.
{
"errorCode": "Generic",
"message": "API Key is invalid"
}