Client credentials are used to add programmatic access to ION. This can be used for scripting, automation and IoT devices. Users create these keys in their Organization and manage, update and delete them via the API/UI.

A few details regarding these API Keys:

• Each API key is specific to the environment you generated them in; i.e. API keys created in a production environment will not work for the sandbox environment.

• The API key will work hold the same permissions as that user had when the API key was generated. If the user permissions change after the API key is generated, that will not impact the permissions the API key has.

• Generating a new set of API keys does not impact previously generated API keys, they will continue to function unless disabled.

These are operations can be done with the following queries and mutations.

Create API Key

mutation CreateAPIKey {
    createApiKey {
        apikey {
            clientId clientSecret
        }
    }
}

List API Keys

query APIKeys {
    apiKeys {
        edges {
            node {
                clientId clientSecret id _etag
            }
        }
    }
}

Update API Key (for enabling/disabling and regenerating Client Secrets)

mutation UpdateAPIKey($input: APIKeyInput!) {
    updateApiKey(input: $input) {
        apikey {
            clientId clientSecret enabled
        }
    }
}

{
  "input": {
    "clientId": <your-client-id>,
    "enabled": true | false,
    "regenerateSecret": true | false
  }
}

Delete API Key

mutation DeleteAPIKey($input: APIKeyInput!) {
    deleteApiKey(input: $input) {
        apikey {
            clientId
        }
    }
}

{
  "input": {
    "clientId": <your-client-id>,
    "_etag": <your-api-keys-_etag>
  }
}