Security: API Keys

Overview

API Keys allow the creation of RESTful endpoints that will make records of a given form accessible and editable from external resources as a web service.

API Keys
API Key Dashboard
ItemDescription
Create API KeyCreate a new API Key
NameGiven name for the API Key
DescriptionBrief description of the API Key
Created OnDate when the API Key was created
Created ByUser that created the API Key
EnabledToggle option to enable access using this API Key

Create API Keys

Create API Key by clicking the ‘Create API Key’ button and completing the given options

Create API Keys
Create API Key
Create API Keys
API Key New
ItemDescription
Generated API KeyString that represents the generated API Key, this will key show only once so it is advised to be kept at a safe place as it won’t be visible once you leave the current page
NameName of the API Key
DescriptionDescription of the API Key[Optional]
Security Details
TypeWhether access to this API is enabled to specific users or to all domain users
user emailSearch email address of users within the domain to grant them access to use this API Key
Access Details
FormForm for the current application that will be accessible from with this API key
Select scopesScope or permissions allowed for the different records for the selected form
Add access to a form and scopes
CancelCancel changes
SaveSave API Keys

API Options

API Options once an API key has been created

API Options
API Options
ItemDescription
Generate New KeyGenerates a new key
API ReferenceDocumentation that explains with details how to call the Resftul API endpoints for the given form
EditEdit the existing API access
RemoveRemove the API key

Best Practices

API keys are a simple encrypted string that can be used to generate a bearer token, that will in turn be used to call your GW APPs APIs. Make sure to keep all your API keys secure. Publicly exposing your credentials can result in your data being compromised.

API Key Configurations

While generating your API Key, you can configure the following security options:

  • Restrict your API keys to allow only specific email addresses: Select the email addresses of users you want to access the data as (recommended). The API will retrieve data based on the user that the token was generated with, so you will only have access to the data that person has access to in the app. You can also select All Domain Users which will allow you to act as any user in GW apps.
  • Restrict your API keys to be usable only for certain forms & scopes: Select what forms and what scopes your API Key has access to. Doing that will limit the level of access that this API Key has.Note:Scopes is used to limit an API Key’s access to a user’s account however it will maintain user’s security access defined in the app. Meaning even though you enable “Record Create” scope, when you are calling the API if the user doesn’t have access to create, the API will return a 401 unauthorized.
  • Regenerate your API keys periodically: You can regenerate API keys from the API Key list page by clicking `Generate new key` for each key. Then, update your applications to use the newly-generated keys.
  • Enable / Disable API Keys: You can disable your API key at any time, that will ensure that any call using that API Key will no longer work.
  • Delete unneeded API keys: To minimize your exposure to attack, delete any API keys that you no longer need.
Updated on October 6, 2020

Was this article helpful?

Related Articles