Overview
API keys were introduced in WebADM 2.3 and are supported by all RCDevs plugins.
Instead of using an SSL certificate for client authentication, you can use an API key as an alternative for secure communication between a client integration and a targeted web service such as OpenOTP. This method can be used with RCDevs software deployed on-premise or in the cloud. One advantage of an API key is that it potentially has no expiration date, if you choose not to set one when issuing it. However, API keys are considered less secure than client certificates.
The API key is configured in the plugin or client application settings and is included in every request made by that client to the WebADM framework via an HTTP header.
There are two ways to issue an API key for your client integration:
- Through the WebADM Administrator Portal;
- Through the WebADM Manager APIs (in upcoming versions).
Issue an API key
Through WebADM Admin GUI
To create an API key in WebADM Admin GUI, follow these steps:
- Log in to your WebADM Administrator portal;
- Click on the Admin tab;
- Select Create Web Service API Key.
You will be redirected to a new page where you need to provide the following information:
- API Key description: Give a description that will help you identify the purpose of this API key.
- Restricted Application (optional): You can restrict the usage of the API key to a specific Web Service.
- API Key Expiration (optional): Set an expiration date for the API key. Once expired, the client application will be unable to communicate with the Web Service associated with this key. For example, with OpenOTP, an expired API key will prevent any further logins.
Once you have entered the required information, click the Ok button to generate the API key.
The API key will be generated, and you will see a confirmation message. Congratulations! Your API key has been successfully generated.
Through WebADM Manager API
Not supported yet; it will be part of an upcoming release.
Manage issued API keys
Once API keys have been issued, you have the ability to revoke them temporarily or permanently. You can also view the last usage of each API key, including its expiration time and the host IP of the last usage.
To temporarily revoke an API key, click the Enabled radio button associated with that key. This will disable the API key temporarily. If you wish to re-enable the key, simply click the same button again.
Deleting an API key revokes it permanently.
Copy the API key value to configure it in RCDevs plugins.
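The Overview states that the key is sent in an HTTP header on every request, which makes it a bearer secret on the wire. The following Python is an added example, not RCDevs code: it shows a client attaching the key while refusing non-HTTPS URLs and keeping the full key out of logs. The header name, environment variable and URL are placeholders (assumptions), so take the real values from your plugin or WebADM documentation.

```python
"""Added example: attach an API key to a web-service request as an HTTP header."""
import os
import urllib.request
from urllib.parse import urlsplit

# Assumption: placeholder header name. Use the one your WebADM version documents.
API_KEY_HEADER = "X-Example-Api-Key"


def load_api_key(env=os.environ, var="WEBADM_API_KEY"):
    """Read the key from the environment (hypothetical variable name), not from source."""
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set")
    return key


def redact(key, keep=4):
    """Return a log-safe form of the key that shows only its last characters."""
    if len(key) <= keep * 2:
        return "*" * len(key)
    return "*" * (len(key) - keep) + key[-keep:]


def build_request(url, api_key, body=b""):
    """Build a POST request carrying the API key; refuse anything but HTTPS."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API key must only be sent over HTTPS")
    if any(c in api_key for c in "\r\n"):
        raise ValueError("API key contains line breaks")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header(API_KEY_HEADER, api_key)
    return req


def send(req, timeout=10):
    """Send with default TLS settings: server certificate and hostname are verified."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    key = load_api_key({"WEBADM_API_KEY": "constructed-sample-key-0001"})
    req = build_request("https://webadm.example.com/placeholder-endpoint/", key)
    print(req.full_url, API_KEY_HEADER, redact(key))
```

Because the key alone authenticates the client, setting an expiration date and a restricted application when issuing it limits what a leaked key can be used for.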