Use an API key to create custom applications with Blue Billywig’s API. In this article you will learn how to create API keys, as well as best practices for managing them securely.
API secret for time-based token calculation
The “API Secret” listed in the credentials can be used to calculate time-based tokens. Visit our article SAPI Authentication for code examples.
1.0 | Create an API key
To create an API key:
- Click to expand “Publication settings” in the left menu panel.
- Click “Secrets”.
- Click “Create new API Key”.
Admin permissions required
Contact your account’s admin user or support@bluebillywig.com if the “Secrets” menu isn’t available.
- Enter the API key “label” (required) and “description” (optional).
- Select the roles of the API key. Select only the roles your integration needs.
- Click “save” to generate the “Secret” and “ID” values of the API key. Together they form the credential used in API calls, in the format
{ID}-{secret}, for example490-55c491d354cfefb9b4d26cf22fbdd0a1. Read more about SAPI Authentication.
To edit an existing API key, return to the “Secrets” section and click the key in the list. To delete a key, use the delete action available on each row in the list.
2.0 | API Key Management: Best Practices
Proper API key management is recommended to keep your account secure. We recommend the following best practices:
- Create separate API keys for each implementation.
- Determine appropriate access permissions for your API keys.
- Do not embed API keys directly in your code or store them in files that are checked into version control.
- Delete unused API keys.
- Periodically renew API keys by deleting the old key and creating a new one.