With an API key your developers can create custom applications with Blue Billywig’s API. An API key contains a “shared secret” that can be used to calculate an access token (see our article Getting started with API for code examples).
In this article you will learn about creating API keys as well as several recommendations for managing API keys in order to keep your account secure.
1.0 | Create an API key
Admin permissions are required to access the API Key settings in the OVP. To create an API Key:
- Go to the Publication Settings
- Select “API Keys” in the left menu panel and click “Create New Key”
- Enter the API key “Label” (the “Description” field is optional)
- Select a role that determines the permissions of the API key
- Click save to generate the “Secret” and “ID” value of the API key. Both values are required for authentication (read more about getting started with SAPI)
2.0 | API Key Management: Best Practices
Proper API key management is recommended to keep your account secure. We would specifically recommend the following:
- Create separate API keys for each implementation;
- Delete unused API keys;
- Periodically renew API keys;
- Determine appropriate access permissions for your API keys;
- To avoid exposure to the public, beware not to embed API keys directly in your code or to store API keys in files that are part of your application’s source tree.