What is an API key
An API Key is a string of characters that can be generated by a user after the authentication on the Analytic suite 2. An API Key aims at being used when querying AT Internet REST API instead of providing login details using basic authentication.
Who can create an API key
An API Key can only be created by an authenticated user who can manipulate data. This user must have at least one of the following roles:
- Advanced Analyst
- or Custom Role with the “Handle data” tool
The API Key is created, enabled, disabled and deleted by each user independently.
Using an API key
An API Key gives the same permissions than the user who created it. If the user loses rights on a site, then he won’t be able to use his API key to get data on this site anymore. If the user gets rights on a new site, then he will be able to use his API key to get data on this site.
The API Key aims at being used with REST URLs retrieved from Data Query. We invite you to use an API Key instead of providing login details using basic authentication, when querying the API with an external tool (Script or other).
If you are an SSO user, you must use an API Key to query AT Internet REST API.
How to create an API key
1. Click on « See profile »
2. Open the « API KEYS » tab
3. Click on the button « Create a new API Key »
4. Enter a name and a description
5. Click on the button « Create a new API key »
6. Copy the API Key by clicking on the Copy button and save it in a safe place
7. Confirm the action by checking the check box
Please notice that for security reasons, the full API key will only be displayed once during the process described above.
A user can generate an API Key for each project/use of AT Internet REST API. To easily identify the API Key on the interface, we recommend that you give clear and accurate name and description to each API key.
How to display existing API keys
The API Keys are displayed in a table providing the user with the following information:
1. Name of the API Key
2. Description of the API key
3. First characters of the API Key
4. Creation date
5. Date of last use
6. Status of the API Key: Active/Inactive
How to modify an API key
From the table displaying all the API Keys, the user can edit each of them to:
1. Update the name or description
2. Make the API Key Inactive
As soon as an API Key is inactive, it can be deleted by the user.
Please notice that deleting an API Key is a definitive action. A deleted API Key cannot be recovered.
How to use an API key
An API key can be sent
• in the Query string: parameter is api-key.
• or as a request header: parameter is x-api-key.
Query string example:
Request sent using Postman
Request header example:
• x-api-key: e8005ef09a17_039a21e785851e51111111111130cf3157*****
Request sent using Postman
Secure your API keys
If you use API Keys, please make sure:
- To keep them in a safe place.
- To keep the use of sending the API Key in query string to the minimum.
- If you have to share an API Key with someone, create a new one with a specific name and description and then disable or delete it as soon as you can.
- To delete the useless API Keys on a regular basis.
- To renew the API Keys used in your programs on a regular basis.