API Keys

ION features the ability to create API client credential sets which can be used by developers to create automated systems that interact with ION's core features.

Client credentials are used to add programmatic access to ION. This can be used for scripting, automation and IoT devices. Users create these keys in their Organization and manage, update and delete them via the API/UI.

A few details regarding these API Keys:

Each API key is specific to the environment you generated them in; i.e. API keys created in a production environment will not work for the sandbox environment.
The API key will work hold the same permissions as that user had when the API key was generated. If the user permissions change after the API key is generated, that will not impact the permissions the API key has.
Generating a new set of API keys does not impact previously generated API keys, they will continue to function unless disabled.
Any automation or integration that utilizes that API key will commit actions on behalf of the user that created them
API keys are automatically disabled when the user is deactivated.

You need the APIKeyObject family of permissions in order to work with API Keys. See Role based access controlfor more details.

We recommend using a service account for automations and integrations!

These are operations can be done with the following queries and mutations.

Create API Key

mutation CreateAPIKey {
    createApiKey {
        apikey {
            clientId clientSecret
        }
    }
}

List API Keys

query APIKeys {
    apiKeys {
        edges {
            node {
                clientId clientSecret id _etag
            }
        }
    }
}

Update API Key (for enabling/disabling and regenerating Client Secrets)

mutation UpdateAPIKey($input: APIKeyInput!) {
    updateApiKey(input: $input) {
        apikey {
            clientId clientSecret enabled
        }
    }
}

{
  "input": {
    "clientId": <your-client-id>,
    "enabled": true | false,
    "regenerateSecret": true | false
  }
}

Delete API Key

mutation DeleteAPIKey($input: APIKeyInput!) {
    deleteApiKey(input: $input) {
        apikey {
            clientId
        }
    }
}

{
  "input": {
    "clientId": <your-client-id>,
    "_etag": <your-api-keys-_etag>
  }
}

Service Accounts

Service accounts decouple API keys from users who may get deactivated and clearly indicates that a service account is committing actions in ION and not any given team member. A service account is an email that your company creates and maintains outside of an employee's email that multiple people may be able to access as needed.

PreviousInteractive API explorer NextExamples

Last updated 1 year ago

Was this helpful?

hashtagService Accounts

Service Accounts