Authentication with API Keys

This page explain to Optimization Server integrator how to use API Keys. API Keys are simple encrypted tokens that identify an application in Optimization Server. They allow to query Master API. with the same authorizations as the user who has created the API Key.

API Key diagram

How to create an API Key

In order to create an API Key, you need to be connected to the Optimization Server web console with a user who has the API_KEY_BACKOFFICE role in Keycloak.

  1. Access to the API Key management view in the web console. API Key management menu

  2. Click on the plus button in the API Key management view header. API Key management menu

  3. Name your API Key (usually give the name of the third party application). Optionally give an expiration date to your API Key. And finalyse the creation by clicking on the Create button. API Key management menu

Your API Key is now created and a confirm dialog display it.

API Key management menu

Please keep it carrefully since it can't be recovered. Lost API Keys need to be deleted and recreated.

Use an API Key

You can transmit the API Key for your API queries through query parameters or headers.

Example:

For example, available tasks can be listed using query parameter:

GET /tasks?api-key=36e2326d-a3f5-4a1c-80cd-9c5e61111f5d

Or if you prefer to use the API Key header you can try the following one:

GET /tasks
X-Api-Key: 36e2326d-a3f5-4a1c-80cd-9c5e61111f5d

Delete an API Key

If you suspect you API Key to have been compromised or if you wan't to revoke an access to an application that do not need it anymore, you will need to delete the API Key.

  1. Access to the API Key management view in the web console. API Key management menu

  2. Click on the trash button in the API Key management view header. API Key management menu

  3. A confirm dialog will ask you to confirm the deletion, click on the Delete button. API Key management menu

Your api is now deleted.