API Keys
API Keys authenticate requests to the HTTP API and are required for all API interactions, including widget verification. Each key’s security permissions are determined by its assigned Security Group.
Related
Configuration Settings
- Name: Assign a descriptive name (e.g., project or website name) for identification.
- Request Logs: Control request logging behavior:
- Verification only: Logs only
/v1/challengeand/v1/verifyendpoints - All requests: Logs every API call
- Off: Disables all logging (also disables analytics as they depend on log data)
- Verification only: Logs only
- Secret: Cryptographic verification value (configurable after key creation)
- Security Group: Determines the key’s permissions and access rules
API Key Usage
Always include your API key when making HTTP API requests. The authorization method depends on the security group’s Access Level:
Public Access Level
Send via either method (never expose the secret):
- URL parameter:
?apiKey=key_... - HTTP header:
Authorization: Bearer key_...
Restricted Access Level
Send via either method (never expose the secret):
- URL parameter:
?apiKey=key_... - HTTP header:
Authorization: Bearer key_...
Full Access Level (Administrative)
Requires Basic authentication with secret:
- HTTP header:
Authorization: Basic ${base64(apiKeyId + ':' + apiKeySecret)}
Key components:
apiKeyId: Your API keyapiKeySecret: The secret value (acts as password)