API keys in YSoft SAFEQ Cloud server are required to access various server functions using API calls. Please refer to separate API documentation for a full description of the available API endpoints and how to use them.
By default, there are several API keys predefined for each customer account which are used by various clients connecting to SAFEQ Cloud server, for example, the SAFEQ Cloud client or a Chrome browser extension.
Access to the API key section in the SAFEQ Cloud Web UI is controlled by ModifyApiKey, ViewApiKey, and DeleteApiKey permissions set in the user roles. API keys are inherited from top-level vendor nodes. If an API key is defined on a vendor account level, it can be used to access API functions for all sub-accounts for that vendor.
Each API key has the following properties:
- Key name – a descriptive name of the API key.
- Key value – value of the API key which is provided in the API requests. It is recommended to use a difficult to guess value (such as UUID) for this field.
- Active – a flag indicating whether this API key is active.
- Pull API access – if enabled, it allows using this API key for administrative functions such as creating users, accounts, etc. If disabled, only a limited subset of functions is available.
- Allow unauthenticated requests – if this option is enabled, it is possible to send API requests without acquiring the user token first.
- Allow untrusted endpoints – if this option is enabled, it is possible to perform login operations and acquire a user token without device registration workflow. See the API documentation for more information.
- Automatic endpoint trust – If this option is enabled, clients which request a device token through OAuth flow will be trusted automatically without the need to confirm device trust through the endpoints UI.
- Expiration date – an optional field indicating the date when this API key expires. If not set, the key does not expire.
- Allowed IPs – a list of whitelisted IP addresses from which API requests are allowed for this key. If not specified, all IPs are allowed.