In this topic, the primary goal is to help you build a mental model of API keys and help you understand Inkit’s security layer. Thus, you will learn why we use API keys and how they benefit you as a user and organization.
Whenever you or your systems send out a request, we check up on who you are.
Our authentication system verifies whether you are a trusted user or connecting system. Meaning, it prevents malignant users from accessing your organization’s environment.
The API key is like a ‘password’ letting in your connecting system.
So let’s zoom in on how this works. First, every request you make consists of an HTTP data packet containing your request data in JSON format.
Within the JSON headers of your request, the Inkit API expects you to include a field called X-Inkit-API-Token containing your API key.
We verify if your API key is valid and has the appropriate authentication. If so, your request is accepted, and you are returned a 200 successful request response code.
While API keys provide authentication and check if you have valid access to your organization, they also provide varying authorization levels.
By assigning permissions through roles to your API keys, you can decide which API keys have access to what data and what behaviors.
In short, API keys let you determine who or what system gets in. However, they also let you decide on how much said users or systems could do.
Providing you with extensive, customizable security measures is the core power of the Inkit Render’s management & security layer.
Updated 5 months ago