We just introduced API Keys as a new authentication method to call the ReportingCloud API. An API Key is a token that a client provides when making API calls. Instead of sending your username and password using the Basic authentication, a created API Key token is used.
There are several advantages of using API Keys:
ReportingCloud API Keys have secrets that are securely randomly generated strings over 40 characters long with a significantly greater entropy. Typically, usernames (such as e-mail addresses) and passwords are reused across many sites and could be compromised for more than one site.
- Password reset
If you need to reset your ReportingCloud password, you don't have to update your code to match the new password.
ReportingCloud API Keys are independent of the account's master credentials. They can be deleted and created at will - up to 10 API Keys can be created for a single account.
It is possible to create a unique API Key for each project that uses ReportingCloud. In the Information section of each transaction log entry, the used API Key is displayed.
ReportingCloud API Keys are independent of the account's master credentials.
API keys are generally not considered secure. Keep it safe like a username/password combination as ReportingCloud can be used with your quota when one of your API Keys is used. Anyway, if compromised, you can easily delete this API Key and create a new one without resetting your password.
In the Manage Account section, API Keys can be created and deleted as shown in the screenshot below:
The Authorization HTTP header must contain the new method and the key.
The authorization method and a space i.e. "ReportingCloud-APIKey " is then put before the actual API Key string. Sample:
3 new endpoints have been added to the ReportingCloud API to manage API Keys.
This method returns all available API Keys of the current account. The return value is an array of ReportingCloud APIKey objects:
|Key||Value Type||Value description|
|key||String||The actual API Key that belongs to the account.|
|active||Boolean||Specifies whether the API Key is active or not (not used yet).|
This endpoint deletes a given API Key from the account.
This endpoint creates and returns a new API Key.
Test this on your own and create a free test account today.