Access keys
Overview
When a new domain is created, a pair of access keys (API key and API secret) is automatically generated. The purpose of these credentials is to provide security for APIs or query protocol communications with Devo API services.
To generate a new pair of access keys, click the Create new API key button on the top right and a drop-down menu will appear with the list of available users in the domain.
You must assign a user to the new pair. The default option is the domain owner, but you can select any other available user.
The third column shown above, named User, will display the email address of the assigned user. Older pairs that were not assigned to a user will appear as Unassigned.
In the event that a user creates a new pair of access keys but doesn't have access to the list of available users, the new pair will be assigned by default to the domain owner. The same theory applies to users deleted from the domain, in that their assigned keys are then automatically reassigned to the domain owner.
To display an API key/API secret, click Show in the required column. A dialog will appear to show the requested value.
To copy the displayed API key/API secret to your clipboard, click the Copy to clipboard icon next to it.
You can add tags to specific sets of credentials to filter them easily in case you have a lot of rows in the table. To do it, click the Tags column in the row where you want to add the tag, enter a keyword in the field that appears and click the + button. Note that these tags are only visible to the individual user.
To delete a pair of access keys, place the cursor on the required row to highlight it and an ellipsis icon will appear at the end of the row. Click it and select Delete.
Important considerations
Note that all access keys have Admin permissions with unrestricted access to the domain.
The goal of assigning a user an access key is simply keeping track of who you gave the credentials to. Bear in mind that the assigned key will have Admin permissions regardless of the role of the assigned user.
If you are looking for more restricted credentials, we recommend using tokens. Tokens are instead user-specific, they are limited to access data and resources to which the assigned user already has permissions. Learn more about tokens in this article.
Access keys and tokens assigned to a deleted user will be reassigned to the domain owner and remain enabled. We recommend disabling them if these credentials are known or accessible by an undesired person.
Access keys and tokens assigned to a disabled user will remain enabled and still assigned to that user.
What permissions do I need?
To enable the Access Keys area to generate new keys or manage existing ones, you need the API Keys permission.
Â