Skip to main content
Skip table of contents

API access keys

API keys in YSoft SAFEQ Cloud server are required to access various server functions using API calls. Please refer to separate API documentation for a full description of the available API endpoints and how to use them.

By default, there are several API keys predefined for each customer account which are used by various clients connecting to SAFEQ Cloud server, for example, the SAFEQ Cloud client or a Chrome browser extension.

For security reasons, we recommend you to use a custom API key instead of the predefined ones and disable the predefined keys. A custom API key can be specified during SAFEQ Cloud client or SAFEQ Cloud gateway installation.

Access to the API key section in the SAFEQ Cloud Web UI is controlled by ModifyApiKey, ViewApiKey, and DeleteApiKey permissions set in the user roles. API keys are inherited from top-level vendor nodes. If an API key is defined on a vendor account level, it can be used to access API functions for all sub-accounts for that vendor.

Each API key has the following properties:

  • Key name – a descriptive name of the API key.
  • Key value – value of the API key which is provided in the API requests. It is recommended to use a difficult to guess value (such as UUID) for this field.
  • Active – a flag indicating whether this API key is active.
  • Pull API access – if enabled, it allows using this API key for administrative functions such as creating users, accounts, etc. If disabled, only a limited subset of functions is available.
  • Allow unauthenticated requests – if this option is enabled, it is possible to send API requests without acquiring the user token first.
  • Allow untrusted endpoints – if this option is enabled, it is possible to perform login operations and acquire a user token without device registration workflow. See the API documentation for more information.
  • Automatic endpoint trust – If this option is enabled, clients which request a device token through OAuth flow will be trusted automatically without the need to confirm device trust through the endpoints UI.
  • Expiration date – an optional field indicating the date when this API key expires. If not set, the key does not expire.
  • Allowed IPs –  a list of whitelisted IP addresses from which API requests are allowed for this key. If not specified, all IPs are allowed.
Please note that for a predefined key Default key for client and gateway or for a custom key which is intended to be used by SAFEQ Cloud Client or SAFEQ Cloud gateway, you must enable the Allow unauthenticated requests and Allow untrusted endpoints flags, otherwise, you won't be able to install or use the SAFEQ Cloud Client in a default configuration and to install the secondary SAFEQ Cloud gateway.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.