Managing Your API Keys

**Configuration Change. ** As of version 4.1, API authentication is enabled by default. For instructions to disable it, see Enforcing REST API/UI User Authentication . Version 4.2 and later add View Adaptive Delivery Data grant type.

When API authentication is enabled, all APIs require that you authenticate with every request by providing an Authorization header with a value equal to a valid API key. The API key must have the appropriate permissions to use the API. Using the UI, administrators can view details about the existing API keys, create new API keys, update existing API keys, and delete API keys no longer need.

Click admin in the upper-right corner, as shown in “admin Username”, to open the Settings section.

The Settings section provides a tabular view of your existing API keys, as shown in “API Keys Table”. The following information is displayed in the table for each API key:

• Key - Label specified when you created the API key

• Permissions - Valid grant types for which the API key will have access

API keys can access any resource you give them access to except for the user resources. This restriction is for security reasons. An API key should not be able to modify users. If your key gets loose, this restriction prevents it from being used to gain unfettered access to your system accounts. In “API Keys Table”, example_api_key has access to metrics, webhooks, and transmissions.

To create an API key that meets your specific requirements, you must understand the permissions required by each API. Table 44.1, “Grant Types” gives a mapping of the permissions for a given grant type.