Skip to main content

API Keys

In API key management page, company administrators can create new API key sets and enable therefore developers to integrate the Brand Secure System in Third Party Software.

Important information

Important

Consider API keys as special passwords and treat them accordingly. In particular, you must not pass them on under any circumstances.

In contrast to employees, there are some relevant differences:

  • No login is required. Possession of the API key is sufficient
  • The authorizations of an API key cannot be changed retrospectively
  • API keys can only be managed by company administrators

If there is a problem with the key, it can be rotated by an administrator at any time and thus invalidated. Please note that any production machines for which the key is stored can then also no longer use it.

In API key management, company administrators can create new API key sets by pressing the corresponding button.

Api Key Set Overview Management Page

When creating the key set, a name, expiration date (unlimited in time) and the authorizations are required.

Important: The authorizations cannot be changed afterwards!

A new key set must be created for this scenario.

Api Key Set Overview Management Page

Important: Directly after creation is the only time when the keys can be copied! If they are lost, the keys must be replaced!

Api Key Set Overview Management Page

Each key set contains two active keys, which can be switched between at will. This makes it possible to replace the keys at different times and ensure uninterrupted use.

The key set you have just created now appears in the main view. It can be renamed or removed here.

Important: Removing an API key set is an action that cannot be undone!

The following information is displayed in the table:

  • Key type (primary/secondary)
  • Prefix (for later matching/assignment)
  • Status (valid/expired/revoked)
  • The date from which the key expired

Api Key Set Overview Management Page

It is possible to replace individual keys if a key has expired or been compromised. All you need to do is enter a new expiration date.

Important: The previous key becomes invalid immediately. Do not rotate keys that are in use (unless they have been compromised)!

Api Key Set Overview Management Page

Replaced keys are still visible in the overview. This means you can always see when a key was replaced.

The following information is displayed for replaced keys:

  • Prefix (for later matching/assignment)
  • The date from which the key was replaced

Api Key Set Overview Management Page

Executing a request

The X-Api key header must be set for authentication:

X-Api-Key: bss_05a426..._b9bfc3... (API key is shown in abbreviated form)

This gives the request the access rights of the API key.