API Key Management

There are three steps to create the API Access Token, which is used to authenticate API requests.

  1. Generate an API Access Key in the dashboard (this section also covers key removal if no longer required).
  2. Create an HMAC token.
  3. Use the API Access Key and HMAC token to generate an API Access Token.

Access to the API requires a valid API Access key ID in Passportal. The access token associated with this key is passed each time a request is made to the API endpoint.

This section covers the steps to generate an API Access Key ID and Secret Access Key, and to delete an API Access Key ID.

Generate an API Access Key ID and Secret Access Key

  1. Log into your Passportal dashboard.
  2. In the left pane go to Settings > API Keys.
  3. Click Create access key.
  4. View the Access key ID then click Show key to reveal the Secret access key.
  5. Make a note of the Access key ID and Secret access key. Use the "Copy to clipboard" button to copy the Secret access key to the computer's clipboard then store the key in a secure location.
  6. The Secret access key is only viewable in the Create access key dialog. After closing this dialog, the Secret access key is no longer accessible.

  7. Click Close to exit out of this dialog and return to the API Keys Management page that lists all access key IDs for your account.

After generating the API Access Key ID and Secret Access Key, the next step is to Create an HMAC Token.

Delete an API Access Key ID

As a security precaution, we recommend removing any API Access keys that are no longer required, or that are known to someone who has left the company.

  1. Log into your Passportal dashboard.
  2. In the left pane go to Settings > API Keys.
  3. Review the Access key ID list. This includes when the key was Created and Last used along with its current status.
  4. Click the delete (trash can) icon against any keys you wish to remove.
  5. View the Access key ID then click Show key to reveal the Secret access key.
  6. An API Key cannot be used to access the API once the key is deleted from the Dashboard. After deleting an API Key please ensure that all requests that used this key, and its HMAC token, are updated to use the new API key and HMAC token.