Authorizing Management API
This article documents how to generate and manage API keys for Management API.
Introduction
When using the Management API, you need to authorize your requests with a key.
You can generate a Management API key in two ways:
For more information on how to refresh an API key, see Refreshing a Management API key.
Generating an API key through Management API
To obtain an API key for the Adverity Management API, follow these steps:
-
Create a POST request to the following endpoint:
https://{{INSTANCE}}/api/auth/token/
-
In the HTTP request header, include the parameter
Content-Type
with valueapplication/x-www-form-urlencoded
. -
In the HTTP request body, include the
username
andpassword
parameters, and then include your respective values for these parameters. -
(Optional) In the HTTP request body, include the
expires_in
parameter to configure the expiration duration for the API key.
Import the request example as raw text to your HTTP client (such as Postman). The cURL request example is the following:
curl --location --request POST 'https://{{INSTANCE}}/api/auth/token/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw '{
"username"="{{USERNAME}}",
"password"="{{PASSWORD}}",
"expires_in":"{{EXPIRATION}}"
}'
Example of JSON response:
{
"username": "your.username@example.com",
"token": "123",
"expires_in": null
}
As a result, an API key for Management API has been generated and returned in the response in the token
field.
When sending requests to Management API, include this API key in the request header in the following way:
--header 'Authorization: Token {{KEY}}'
Generating an API key in Adverity
You can generate and manage Management API keys in the Administration page in Adverity. These keys are assigned to a workspace and give access only to this workspace and its child workspaces.
Management API keys generated in the Administration page have the following limitations:
-
Management API keys can only be generated by a user with Administrator permissions in the root workspace. For more information, see Managing user permissions.
-
You can generate up to 5 keys per workspace.
-
API keys generated in the Administration page do not expire.
Generating a Management API key
To create a Management API key, follow these steps:
-
In the Administration.
, click -
In the Management API keys.
, click -
In the top right corner, click Create key.
-
In the Name field, enter a name for this key, so you can identify it later.
-
In Select workspace, select the workspace to which this key will be assigned.
You will be able to use this key to access the selected workspace and all its child workspaces.
-
In Permissions, select whether this key has Read-only or Write permissions.
-
Click Create API key.
-
Click Copy to copy the generated key.
The generated key is only displayed once. You will not be able to copy the key again after this pop-up window closes.
-
Click Close.
As a result, you have generated and copied an API key for Management API and assigned the key to the selected workspace.
When sending requests to Management API, include this API key in the request header in the following way:
--header 'Authorization: Bearer {{KEY}}'
Revoking a Management API key
To revoke a Management API key, follow these steps:
-
In the Administration.
, click -
In the Management API keys.
, click -
Find the key which you want to revoke.
-
Click Select an action in the key's row.
-
Click Revoke.
-
In the confirmation dialog, enter the key name.
-
Click Delete API key.
As a result, the key is permanently deleted.
Refreshing a Management API key
To refresh a Management API key, follow these steps:
-
Create a POST request to the following endpoint:
https://{{INSTANCE}}/api/v1/auth/keys/current/rotate/
-
In the HTTP request header, include the parameter
Authorization
with one of the following values:-
Token {{KEY}}
if you use a key generated with user credentials in Management API. -
Bearer {{KEY}}
if you use a key generated in the Adverity user interface.
-
-
Send the request.
Import the request example as raw text to your HTTP client (such as Postman). The cURL request example is the following:
curl --location -g --request POST 'https://{{INSTANCE}}/api/v1/auth/keys/current/rotate/' \
--header 'Authorization: Token {{KEY}}'