Securing API Endpoints with Airkit API Tokens and Permissions
An App API can be configured to require authentication or to be publicly available. This article will cover how to secure an App API endpoint using API Tokens.
If the App API requires authentication, a token must be created. To create a token, go to console.airkit.com and click on API in the left-hand navigation. Then click on Tokens > '+New' and enter a name for the token. You can also configure user variables and IP addresses for additional layers of permissions.
Then click Create, which will generate a token.
Warning: Make sure to safely store the generated token at that moment since it will not be retrievable afterwards.
To configure the API to require Authentication, go to Connection Builder and select the API created under 'Web Links'.
Then click the checkbox under Requires Authentication. This will require a Bearer token to be sent with each API request.
To add an API Key Group, which is used to give API access to particular users within an organization, go to Configuration Builder, scroll down to API Key Filtering, and add an API Key Group. Then select the Token name created previously.
Once the API Key Group is configured, it can be applied to the API.
To test an API that requires authentication, the following header must be set: "Authorization: Bearer <token>", where <token> is replaced with the token generated in the "Creating a Token" section. Below is a screenshot of testing the API from Postman.
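The same test can be scripted so that it also confirms the endpoint rejects requests without a valid token. The following is an added example, not Airkit's own code: the environment variable names `API_TOKEN` and `API_URL`, the GET method, and the 401 status returned by the local stub are assumptions, and the stub is a constructed stand-in for a real App API endpoint.

```python
import http.client
import os
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def call_api(url, token=None, method="GET"):
    """Return the HTTP status of one request, with a Bearer token if given."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(
        parts.netloc, timeout=5)
    headers = {"Authorization": f"Bearer {token}"} if token is not None else {}
    try:
        conn.request(method, parts.path or "/", headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()

def check_auth_enforced(url, token):
    """Probe the endpoint with no header, a wrong token, and the real token."""
    return {
        "no_token": call_api(url),
        "wrong_token": call_api(url, "not-the-token"),
        "valid_token": call_api(url, token),
    }

def start_stub(expected_token):
    """Constructed local stand-in for an endpoint with Requires Authentication set.
    Assumption: rejected requests get 401; the real service's status may differ."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.headers.get("Authorization") == f"Bearer {expected_token}"
            self.send_response(200 if ok else 401)
            self.end_headers()
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    # Hypothetical variable names; the token comes from the environment, not the source.
    token = os.environ.get("API_TOKEN", "constructed-sample-token")
    url = os.environ.get("API_URL")
    if not url:  # no real endpoint supplied: run against the local stub
        url = f"http://127.0.0.1:{start_stub(token).server_port}/"
    print(check_auth_enforced(url, token))
```

Only the valid-token request should succeed; if the request with no header or with a wrong token also succeeds, the Requires Authentication setting is not in effect on that endpoint.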