API keys are a simple encrypted string that can be used to generate a bearer token, that will in turn be used to call your GW Apps APIs. Make sure to keep all your API keys secure. Publicly exposing your credentials can result in your data being compromised.
Select ‘+ Create API Key‘ to create an API Key and select the scopes for Users and Shared roles.
The Enabled column lets you toggle API Access on/off.
|Select the three dots to view options for the selected key.|
|– Click Generate New Key to generate a new key.|
– API Reference will open the API documentation and guide on how to utilize the APIs (same as API Key Configurations below).
– Edit the scopes for which the API has been enabled.
– Remove the API Key.
API Key Configurations
While generating your API Key, you can configure the following security options:
- Restrict your API keys to allow only specific email addresses: Select the email addresses of super administrator users you want to access the data as.
- Restrict your API keys to be usable only for certain platform entities & scopes: Select what entities and what scopes your API Key has access to. Doing that will limit the level of access that this API Key has. Note:Scopes is used to limit an API Key’s access to a user’s account however it will maintain user’s security access defined in the app. Meaning even though you enable “User Create” scope, when you are calling the API if the user doesn’t have access to create, the API will return a 401 unauthorized.
- Regenerate your API keys periodically: You can regenerate API keys from the API Key list page by clicking `Generate new key` for each key. Then, update your applications to use the newly-generated keys.
- Enable / Disable API Keys: You can disable your API key at any time, that will ensure that any call using that API Key will no longer work.
- Delete unneeded API keys: To minimize your exposure to attack, delete any API keys that you no longer need.