API Authentication


Authentication logic - API key

To establish connectivity with an Inspectorio Server API, you can now use an API Key.

What is an API Key? An applicaton programming interface key (API Key) is a unique code, primarily used to identify the calling program or its user. An API Key identifies and validates the source of an API request.

Inspectorio’s API Keys are unique, random, and non-guessable. API Keys that are generated by Inspectorio use alphanumeric, special characters and they don’t expire unless removed.

Why do we use API Key? To establish connectivity with an Inspectorio API, you must authenticate your request.

Inspectorio already supports API authentication with a login token by using a username and hashed password. With the current implementation, this token expires after 24 hours and you must re-login or refresh this token.

With new authentication logic, you can now use an API Key to make the integration between Inspectorio APIs and your server easier.

How do I generate my API Keys? You manage your API Keys within the Inspectorio Sight web platform, accessible via web browser. An Admin or Account Owner of your organization on the Inspectorio Sight platform has access to create and manage API Keys. This API key management page will be display under the configuration tab of your account: Request Header Format

An API Key will be generated and activated automatically when you click on the Create API Key feature in the Inspectorio Sight platform. Request Header Format By using this API Key feature, you can:

  • Add multiple API Keys for your organization
  • Add a description for each API Key
  • Remove any API Key from Inspectorio platform (The removed API Key cannot be used to authenticate your request to Inspectorio Server API anymore). Request Header Format

API Key identification and storage

An organization can have multiple API Keys. The API Keys are secure and usable only within one organization. You cannot use one organization’s Key to send an API request for another organization. Please make sure you store your API Keys safely somewhere right after it created because Inspectorio will not store any API Key, and we cannot restore it for you.

When you navigate back to the API Key feature, your API Key will be shown as hidden text. We just display the prefix as a hint in case you want to remove this API Key. We recommend that you add a description for each API Key so you can track the purpose of each Key. This will ensure that you do not make a mistake when removing a Key later on. Request Header Format

How do I authenticate my request by API Key? As soon as your API Key has been generated from within the Inspectorio Sight platform, you can use this Key to authenticate your Inspectorio API’s requests by adding the header key: apiKey with the value of the created key (You don’t need to send Login API to get login token anymore). Request Header Format The API Key will be valid until it is removed from your API Key Management page. If you try to authenticate with the wrong API Key value or an API Key already removed from the Inspectorio Sight platform, then you will see the following error message in the request body.

{
    "errorCode": "Generic",
    "message": "API Key is invalid"
}