Skip to main content
Skip table of contents

API access keys

API keys in SAFEQ Cloud server are required to access various server functions using API calls. Please refer to separate API documentation for a full description of the available API endpoints and how to use them.

By default, there are several API keys predefined for each customer account which are used by various clients connecting to SAFEQ Cloud server, for example, the SAFEQ Cloud client or a Chrome browser extension.

For security reasons, we recommend you to use a custom API key instead of the predefined ones and disable the predefined keys. A custom API key can be specified during SAFEQ Cloud client or SAFEQ Cloud gateway installation.

Access to the API key section in the SAFEQ Cloud Web UI is controlled by ModifyApiKey, ViewApiKey, and DeleteApiKey permissions set in the user roles. API keys are inherited from top-level vendor nodes. If an API key is defined on a vendor account level, it can be used to access API functions across all sub-accounts associated with that vendor.

Creating an API key

  1. In the SAFEQ Cloud Web UI, click Security > API access keys.
  2. Click Add.
  3. Fill in the required properties.
    • Type 
      • General – The default type. You can set all the permissions according to your needs.
      • Embedded – Used in Embedded configurations. Use the raw value if you wish to install a terminal via Manual operations (see Embedded Terminals' configuration and Terminal Deployment Tool).
      • Chrome – Used for Chrome extensions. If you wish to use the one that is created by default, regenerate it to see the value behind the hash.
    • Name – a descriptive name of the API key.
    • Value – an automatically generated unique value associated with the API key.
    • Active – a flag indicating whether this API key is active.
    • Allow unauthenticated requests – if this option is enabled, it is possible to send API requests without acquiring the user token first.
    • Allow untrusted endpoints – if this option is enabled, it is possible to perform login operations and acquire a user token without completing the device registration workflow. See the API documentation for more information.
    • Automatic endpoint trust – if this option is enabled, clients which request a device token through OAuth flow will be trusted automatically without the need to confirm device trust through the endpoints UI.
    • Expiration date – an optional field indicating the date when this API key expires. If not set, the key does not expire.
    • Allowed IPs – a list of whitelisted IP addresses from which API requests are allowed for this key. If not specified, all IPs are allowed.
    • Advanced API permissions – if this option is enabled, it allows you to additional special permissions required for specific API calls. See the API documentation for additional details.
Note that for the predefined key Default key for client and gateway or for a custom key which is intended to be used by the SAFEQ Cloud Client or SAFEQ Cloud gateway, you must enable the Allow unauthenticated requests and Allow untrusted endpoints flags. Otherwise, you won't be able to install or use the SAFEQ Cloud Client in a default configuration and to install the secondary SAFEQ Cloud gateway.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.