}

Committed by
Bjoern Meyer on Friday, February 8, 2019

Creating Secure API Keys

All ReportingCloud endpoints require a "ReportingCloud-APIKey" or a "Basic" user authorization to access the user acount, data and templates. Only one of these two methods are required.

We highly recommend to use API Keys instead of the "Basic" authorization for security reasons.

The advantages of API Keys

  • Entropy
    ReportingCloud API Keys have secrets that are securely randomly generated strings over 40 characters long with a significantly greater entropy. Typically, usernames (such as e-mail addresses) and passwords are reused across many sites and could be compromised for more than one site.

  • Password reset
    If you need to reset your ReportingCloud password, you don't have to update your code to match the new password.

  • Independence
    ReportingCloud API Keys are independent of the account's master credentials. They can be deleted and created at will - up to 10 API Keys can be created for a single account.

  • Traceability
    It is possible to create a unique API Key for each project that uses ReportingCloud. In the Information section of each transaction log entry, the used API Key is displayed.

An API Key is a token that a client provides when making API calls. Instead of sending your username and password using the Basic authentication, a created API Key token is used.

Keep it safe like a username/password combination as ReportingCloud can be used with your quota when one of your API Keys is used. Anyway, if compromised, you can easily delete this API Key and create a new one without resetting your password.

Manage API Keys

  1. To create new API Keys, visit your portal and click Manage Account.

  2. Click Create Key to create a new API Key.

  3. To delete an API Key, click the Delete Key button right next to the API Key in the list.

Authorize Requests

The Authorization HTTP header must contain the new method and the key.

The authorization method and a space i.e. "ReportingCloud-APIKey " is then put before the actual API Key string. Sample:

Authorization: ReportingCloud-APIKey oMDM4MrAqL9QEOpyzupnQW5NjvCNtvE5cVDaaLqxI

3 account endpoints are available in the ReportingCloud API to manage API Keys.

    Found a in our documentation?

    Edit this page on GitHub