In this article we’ll discuss how you can create and generate API Keys for your applications. We’ll also discuss API Key configuration options.
API Key Overview
API Keys allow the creation of RESTful endpoints that will make records of a given form accessible and editable from external resources as a web service.
|Create a new API Key|
|Name||Given name for the API Key|
|Description||Brief description of the API Key|
|Created On||Date when the API Key was created|
|Created By||User that created the API Key|
|Enabled||Toggle option to enable access using this API Key|
Create API Keys
Create API Key by clicking the ‘Create API Key’ button and completing the given options
|Create API Keys|
|Create API Keys|
|Generated API Key||String that represents the generated API Key, this will key show only once so it is advised to be kept at a safe place as it won’t be visible once you leave the current page|
|Name||Name of the API Key|
|Description||Description of the API Key[Optional]|
|Type||Whether access to this API is enabled to specific users or to all domain users|
|user email||Search email address of users within the domain to grant them access to use this API Key|
|Form||Form for the current application that will be accessible from with this API key|
|Select scopes||Scope or permissions allowed for the different records for the selected form|
|Add access to a form and scopes|
|Save||Save API Keys|
API Key Configuration Options
You can customize the API Key Configuration Options once an API key has been created. To do so, select the three dots on the far right of the API Key row (as seen below).
|Generate New Key||Generates a new key|
|API Reference||Documentation that explains with details how to call the Resftul API endpoints for the given form|
|Edit||Edit the existing API access|
|Remove||Remove the API key|
API Key Configuration Best Practices
API keys are a simple encrypted string that can be used to generate a bearer token, that will in turn be used to call your GW Apps APIs. Make sure to keep all your API keys secure. Publicly exposing your credentials can result in your data being compromised.
API Key Configurations
While generating your API Key, you can configure the following security options:
- Restrict your API keys to allow only specific email addresses: Select the email addresses of users you want to access the data as (recommended). The API will retrieve data based on the user that the token was generated with, so you will only have access to the data that person has access to in the app. You can also select All Domain Users which will allow you to act as any user in GW Apps.
- Restrict your API keys to be usable only for certain forms & scopes: Select what forms and what scopes your API Key has access to. Doing that will limit the level of access that this API Key has.Note:Scopes is used to limit an API Key’s access to a user’s account however it will maintain user’s security access defined in the app. Meaning even though you enable “Record Create” scope, when you are calling the API if the user doesn’t have access to create, the API will return a 401 unauthorized.
- Regenerate your API keys periodically: You can regenerate API keys from the API Key list page by clicking `Generate new key` for each key. Then, update your applications to use the newly-generated keys.
- Enable / Disable API Keys: You can disable your API key at any time, that will ensure that any call using that API Key will no longer work.
- Delete unneeded API keys: To minimize your exposure to attack, delete any API keys that you no longer need.