Skip to main content

API Keys

Generate and assign permissions to API Keys

Updated over a week ago

Overview

External systems require API keys to authenticate and interact with iPaaS.com. Each API key is unique and includes security features like expiration dates and specific permission assignments.

The API key creation interface is similar to role management screens, with an Expiration Time field replacing the Description field.

Viewing API Keys

To view current API keys:

  1. Click User/Role Management to open the User and Role Management screen.

  2. Select API Keys.

  3. Browse the list of current API keys.

From this screen, you can create, view, copy, and delete API keys as needed.

Creating New Keys

NOTE: Once created, an API cannot be edited or changed.

To create an API key:

  1. Click User/Role Management and then select API Keys.

  2. Click Create API Key.​

  3. Enter a name for the API key (typically the external system name).

  4. Select an expiration period:

    • 60 days

    • 90 days

    • 120 days

    • Never Expires

  5. Assign permissions:

    • Expand categories to view specific permissions.

    • Select only the permissions needed for the external system.

  6. Review permission assignments carefully. API keys cannot be edited after creation.

  7. Click Apply to generate the API key.

Using and Managing API Keys

You can view an API key, copy it to the clipboard and then paste it where needed.

Viewing and Copying Keys

To access an existing API key:

  1. Click User/Role Management and then select API Keys.

  2. Click the view icon next to the desired API key.​

  3. Click the copy icon to copy the key to the clipboard, or click Close.

Deleting Keys

To delete an API key:

  1. Click User/Role Management and then select API Keys.

  2. Find the API key you want to remove and click the trash can icon.

  3. Confirm the deletion by clicking Yes when prompted.

Security Best Practices

Best Practice: Regularly review and rotate API keys, especially those set to never expire.

Key Security Guidelines:

  • Use descriptive names to easily identify key purposes.

  • Apply the minimum permissions necessary for each external system.

  • Set appropriate expiration dates based on usage requirements.

  • Monitor key usage and revoke unused keys.

  • Rotate keys regularly to maintain security.

  • Store keys securely in your external systems.

Permission Planning:

  • Review what actions the external system needs to perform.

  • Grant only the specific permissions required.

  • Test with minimal permissions first, then expand if needed.

  • Document key purposes for future reference.

Related Articles
User and Role Management
Role Management
Accessing the API
API Introduction
Heartland Connections and Settings
Did this answer your question?