API keys for external connexions

What is an API key

An API Key is a string of characters that can be generated by a user after the authentication on the Analytic suite 2. An API Key aims at being used when querying AT Internet REST API instead of providing login details using basic authentication.

 

Who can create an API key

An API Key can only be created by an authenticated user who can manipulate data. This user must have at least one of the following roles:

  • Administrator
  • Delegates
  • Advanced Analyst
  • Analyst
  • or Custom Role with the “Handle data” tool

The API Key is created, enabled, disabled and deleted by each user independently.

 

Using an API key

An API Key gives the same permissions than the user who created it. If the user loses rights on a site, then he won’t be able to use his API key to get data on this site anymore. If the user gets rights on a new site, then he will be able to use his API key to get data on this site.

The API Key aims at being used with REST URLs retrieved from Data Query. We invite you to use an API Key instead of providing login details using basic authentication, when querying the API with an external tool (Script or other).
If you are an SSO user, you must use an API Key to query AT Internet REST API.

 

How to create an API key

1. Click on « See profile »
apik1.png

2. Open the « API KEYS » tab
3. Click on the button « Create a new API Key »

apik2.png

4. Enter a name and a description
5. Click on the button « Create a new API key »

apik3.png

6. Copy the API Key by clicking on the Copy button and save it in a safe place
7. Confirm the action by checking the check box

apik4.png

Please notice that for security reasons, the full API key will only be displayed once during the process described above.

A user can generate an API Key for each project/use of AT Internet REST API. To easily identify the API Key on the interface, we recommend that you give clear and accurate name and description to each API key.

 

How to display existing API keys

The API Keys are displayed in a table providing the user with the following information:
1. Name of the API Key
2. Description of the API key
3. First characters of the API Key
4. Creation date
5. Date of last use
6. Status of the API Key: Active/Inactive

apik5.png


How to modify an API key

From the table displaying all the API Keys, the user can edit each of them to:
1. Update the name or description
2. Make the API Key Inactive

As soon as an API Key is inactive, it can be deleted by the user.

Please notice that deleting an API Key is a definitive action. A deleted API Key cannot be recovered.

 

How to use an API key

An API key can be sent
• in the Query string: parameter is api-key.
• or as a request header: parameter is x-api-key.

Query string example:

https://api.atinternet.io/data/v2/json/getData?columns=%7Bm_visits%7D&sort=%7B-m_visits%7D&space=%7Bs:123456%7D&period=%7BD:%7Bstart:%272018-08-26%27,end:%272018-08-26%27%7D%7D&max-results=20&page-num=1&api-key=e8005ef09a17_039a21e785851e51111111111130cf3157*****

2018-12-14_09h16_55.png

Request sent using Postman

Request header example:

https://api.atinternet.io/data/v2/json/getData?columns=%7Bm_visits%7D&sort=%7B-m_visits%7D&space=%7Bs:123456%7D&period=%7BD:%7Bstart:%272018-08-26%27,end:%272018-08-26%27%7D%7D&max-results=20&page-num=1
• x-api-key: e8005ef09a17_039a21e785851e51111111111130cf3157*****

apik7.png

Request sent using Postman

 

Secure your API keys

If you use API Keys, please make sure:

  • To keep them in a safe place.
  • To keep the use of sending the API Key in query string to the minimum.
  • If you have to share an API Key with someone, create a new one with a specific name and description and then disable or delete it as soon as you can.
  • To delete the useless API Keys on a regular basis.
  • To renew the API Keys used in your programs on a regular basis.
Have more questions? Submit a request