Note: This is a highly technical article. Therefore, we recommend involving your IT department when reading this. Should you have any inquiries or requests, please contact us through support@azumuta.com - we'd be happy to assist you.
API keys authenticate requests to Azumuta’s REST API. Each key belongs to an API device in your workspace. You manage those devices on the API Devices page.
How to Create an API Key
- Go to Management → Devices → API tab. The page title is API Devices.
- Click Add device.
- Enter a Name, set Type to Api Device, then click Add.
Azumuta creates the device and generates an API key for it.
For more on the Devices pages in general, see How to See the List of Devices That Are Logged in on Your Workspace.
How to Copy an API Key
You can copy a key in either of these ways:
- On the API Devices list, open the row menu for the device and click Copy API key. A snackbar shows Copied.
- Or click Edit device, find API attributes, then use the copy icon next to the API key field.
How to Authenticate API Requests
Send the key in the X-API-Key request header. That is the recommended method.
You can also pass the key as an apiKey query parameter. Prefer the header when you can.
All API requests must use HTTPS. Requests over plain HTTP fail. Requests without a valid key also fail.
Important: Never put an API key in browser client code, public repositories, or any place outside your company. Treat keys as secret credentials for server-side integrations only.
Environment Scope
API keys are environment-scoped. A key created on your sandbox host works only against that sandbox environment. A production key works only against production. Using a sandbox key against production (or the reverse) returns an authentication error.
Optional: API Scopes
If the API scopes experiment is enabled for your workspace, you can restrict what a key may do. Open Edit device → Security, then configure API scopes. When that option is not available for your workspace, the key has the default access for an API device.