bjoerntx on Friday, May 24, 2019Creating Secure API Keys
All ReportingCloud endpoints require a "ReportingCloud-APIKey" or a "Basic" user authorization to access the user acount, data and templates. Only one of these two methods are required.
The advantages of API Keys
-
Entropy
ReportingCloud API Keys have secrets that are securely randomly generated strings over 40 characters long with a significantly greater entropy. Typically, usernames (such as e-mail addresses) and passwords are reused across many sites and could be compromised for more than one site. -
Password reset
If you need to reset your ReportingCloud password, you don't have to update your code to match the new password. -
Independence
ReportingCloud API Keys are independent of the account's master credentials. They can be deleted and created at will - up to 10 API Keys can be created for a single account. -
Traceability
It is possible to create a unique API Key for each project that uses ReportingCloud. In the Information section of each transaction log entry, the used API Key is displayed.
An API Key is a token that a client provides when making API calls. Instead of sending your username and password using the Basic authentication, a created API Key token is used.
Manage API Keys
-
To create new API Keys, visit your portal and click Manage Account.
-
Click Create Key to create a new API Key.
-
To delete an API Key, click the Delete Key button right next to the API Key in the list.
Authorize Requests
The Authorization HTTP header must contain the new method and the key.
The authorization method and a space i.e. "ReportingCloud-APIKey " is then put before the actual API Key string. Sample:
Authorization: ReportingCloud-APIKey oMDM4MrAqL9QEOpyzupnQW5NjvCNtvE5cVDaaLqxI
3 account endpoints are available in the ReportingCloud API to manage API Keys.