Skip to main content

API Keys

Introduction

Enterstarts Security System V10 support the usage of API Keys for programatic access to the platform objects, storage, services and api's.

API Keys are like authentication token in the sense that they give you access to the platform, but unlike authentication tokens they have no expiration time.

Is good practice to rotate your api-key secret or even delete old and create new ones. This makes your services more safe, and if you use the package system, you wont even need to update more than 1 location to reflect the new API Key changes.

info

Avoid exposing your api keys or secret to the public, if you must do it, then just use a public facing api-gateway which use them internally, this way you avoid security pitfals and adhere to best practices.

Starting

Head to your account on the top-right menu, open the "My Account Menu":

My Account Menu

This will take you to your account admin page: My Account Screen

Open the last option (API Keys)

API Key List

Create API Key

CLick the 'New' button on the top right corner to create an api-key. You can see that you can specify the user type for the api-key, the scope, the tokenType (depending on the use case), ignore the expiry field.

Create API Key

Generate Key & Secret

After you create the api-key you can see that it's ready now to generate the key and the secret. Just click the Ativate button:

Details API Key

The api key is now generated, as you can see (contents have been redacted for security and privacy purposes) Generated API Key

API Key Usage

You can use your new api key now.

Headers

Just send inside these headers for every request to enterstarts api

  • x-api-key
  • x-api-secret

Check this postman example (note the last 2 highlighted http header fields):

Postman Request

SDK

Example code to get an object

const sdk=include("core-sdk/api-service");
const fetch=require("node-fetch");

function Handler(context, req, res) {
    const tokenAuth={
        apiKey: ...,
        apiSecret: ...,
        isAPIKey: true
    };
    var api = new sdk.APIService("zstorage", tokenAuth);

    const recordId='...';
    api.get("record/"+recordId)
    .then(function (Resp) {
        res.send(Resp);
    }, function (Error){
        res.status(400)
          .send(Error);
    });

}

exports.Handler=Handler;