API keys
API keys are character strings used to authenticate and authorize RESTable API consumers in a role-based fashion. The application developer decides whether a specific RESTable web service requires API keys. For services that do, the consumer is expected to include a valid key in the Authorization header of each HTTP request. Failure to do so will result in a 403: Forbidden response. The administrator sets up and manages these API keys for the web services that require them. It’s best practice to set up an admin key with a wide scope and more restricted consumer keys with well-defined roles.
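The role-based decision described above, modeled as an added Python example (not RESTable's own code or configuration format). The key values, resource names and the `authorize` function are hypothetical, and the presented key is assumed to have already been extracted from the Authorization header.

```python
import hashlib
import hmac
from fnmatch import fnmatchcase


def _digest(key: str) -> bytes:
    # Keep only a hash of each key, so a leaked key table does not expose usable keys.
    return hashlib.sha256(key.encode("utf-8")).digest()


ALL_METHODS = {"GET", "POST", "PATCH", "PUT", "DELETE"}

# Constructed sample keys and scopes (hypothetical names, not RESTable's format).
# Each entry maps a key digest to a list of (resource pattern, allowed methods).
KEYS = {
    # Admin key: wide scope, every resource and method.
    _digest("admin-key-constructed"): [("*", ALL_METHODS)],
    # Consumer key: one well-defined role, read-only on the Reports resources.
    _digest("reports-reader-constructed"): [("Reports.*", {"GET"})],
}


def authorize(presented_key, method, resource):
    """Return 200 if the key grants `method` on `resource`, otherwise 403."""
    if not presented_key:
        return 403  # no key was sent with the request

    presented = _digest(presented_key)
    grants = None
    # Constant-time comparison against every stored digest, without stopping early.
    for stored, scope in KEYS.items():
        if hmac.compare_digest(stored, presented):
            grants = scope
    if grants is None:
        return 403  # unknown key

    # Deny by default: the request must match an explicit grant.
    for pattern, methods in grants:
        if fnmatchcase(resource, pattern) and method.upper() in methods:
            return 200
    return 403  # valid key, but outside its role
```
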
For applications that use API keys, the developer will have defined a location for a configuration file. To add an API key to this file, we insert an ApiKey object inside the ApiKeys array.