API access keys
API keys in SAFEQ Cloud server are required to access various server functions using API calls. Please refer to separate API documentation for a full description of the available API endpoints and how to use them.
By default, there are several API keys predefined for each customer account which are used by various clients connecting to SAFEQ Cloud server, for example, the SAFEQ Cloud client or a Chrome browser extension.
Access to the API key section in the SAFEQ Cloud Web UI is controlled by ModifyApiKey, ViewApiKey, and DeleteApiKey permissions set in the user roles. API keys are inherited from top-level vendor nodes. If an API key is defined on a vendor account level, it can be used to access API functions across all sub-accounts associated with that vendor.
Creating an API key
- In the SAFEQ Cloud Web UI, click Security > API access keys.
- Click Add.
- Fill in the required properties.
- Type
- General – The default type. You can set all the permissions according to your needs.
- Embedded – Used in Embedded configurations. Use the raw value if you wish to install a terminal via Manual operations (see Embedded Terminals' configuration and Terminal Deployment Tool).
- Chrome – Used for Chrome extensions. If you wish to use the one that is created by default, regenerate it to see the value behind the hash.
- Edge – Used for Edge devices such as the OMNI bridge. When you add a new edge device, a new value is added to this default Edge API key.
- Name – a descriptive name of the API key.
- Value – an automatically generated unique value associated with the API key.
- Active – a flag indicating whether this API key is active.
Allow unauthenticated requests – if this option is enabled, it is possible to send API requests without acquiring the user token first.
This option is deprecated and will be removed in future versions. Use the Enable secure login for session authentication types setting in the SAFEQ Cloud Client configuration instead.
Allow untrusted endpoints – if this option is enabled, it is possible to perform login operations and acquire a user token without completing the device registration workflow. See the API documentation for more information.
This option is deprecated and will be removed in future versions. Use the Enable secure login for session authentication types setting in the SAFEQ Cloud Client configuration instead.
- Automatic endpoint trust – if this option is enabled, SAFEQ Cloud Clients, secondary gateways, printers, and other endpoints will be automatically authorized when they use this API key for registration. Note that this grants them access to company data; therefore, we recommend enabling this option only for selected keys and only for the necessary duration.
- Expiration date – an optional field indicating the date when this API key expires. If not set, the key does not expire.
- Allowed IPs – a list of whitelisted IP addresses from which API requests are allowed for this key. If not specified, all IPs are allowed.
- Advanced API permissions – if this option is enabled, it allows you to additional special permissions required for specific API calls. See the API documentation for additional details.
- Additional values associated with the API key are present in the Values tab at the top of the configuration form.
- Type
Note that for the predefined key Default key for client and gateway or for a custom key which is intended to be used by the HCP Client or HCP gateway, you must enable the Allow unauthenticated requests and Allow untrusted endpoints flags. Otherwise, you won't be able to install or use the HCP Client in the local storage mode, and to install the secondary HCP gateway.
Creating additional values for an API key
- After you have created and saved your new API key, click the edit icon to edit it. Go to the Values tab and then click Add new value.
- A new dialog window will open.
- In the Description field, enter a description that you can later use to identify this specific API access key value.
Click Generate to generate a unique value associated with the API key.
All other properties are inherited from the associated API key.
- Click Save.