We just introduced API Keys as a new authentication method to call the ReportingCloud API. An API Key is a token that a client provides when making API calls. Instead of sending your username and password using the Basic authentication, a created API Key token is used.

There are several advantages of using API Keys:

  • Entropy
    ReportingCloud API Keys have secrets that are securely randomly generated strings over 40 characters long with a significantly greater entropy. Typically, usernames (such as e-mail addresses) and passwords are reused across many sites and could be compromised for more than one site.
  • Password reset
    If you need to reset your ReportingCloud password, you don't have to update your code to match the new password.
  • Independence
    ReportingCloud API Keys are independent of the account's master credentials. They can be deleted and created at will - up to 10 API Keys can be created for a single account.
  • Traceability
    It is possible to create a unique API Key for each project that uses ReportingCloud. In the Information section of each transaction log entry, the used API Key is displayed.

ReportingCloud API Keys are independent of the account's master credentials.

API keys are generally not considered secure. Keep it safe like a username/password combination as ReportingCloud can be used with your quota when one of your API Keys is used. Anyway, if compromised, you can easily delete this API Key and create a new one without resetting your password.

In the Manage Account section, API Keys can be created and deleted as shown in the screenshot below:

API Keys

The Authorization HTTP header must contain the new method and the key.

The authorization method and a space i.e. "ReportingCloud-APIKey " is then put before the actual API Key string. Sample:

Authorization: ReportingCloud-APIKey oMDM4MrAqL9QEOpyzupnQW5NjvCNtvE5cVDaaLqxI
view raw test. hosted with ❤ by GitHub

3 new endpoints have been added to the ReportingCloud API to manage API Keys.


This method returns all available API Keys of the current account. The return value is an array of ReportingCloud APIKey objects:

Key Value Type Value description
key String The actual API Key that belongs to the account.
active Boolean Specifies whether the API Key is active or not (not used yet).


This endpoint deletes a given API Key from the account.


This endpoint creates and returns a new API Key.

The .NET and .NET Core wrappers have been extended to support this new authentication method and API endpoints. The other wrappers will be updated very soon.

Test this on your own and create a free test account today.