Managing Your API Keys

March 26, 2020 Contributors

**Configuration Change. ** As of version 4.1, API authentication is enabled by default. For instructions to disable it, see Enforcing REST API/UI User Authentication . Version 4.2 and later add View Adaptive Delivery Data grant type.

When API authentication is enabled, all APIs require that you authenticate with every request by providing an Authorization header with a value equal to a valid API key. The API key must have the appropriate permissions to use the API. Using the UI, administrators can view details about the existing API keys, create new API keys, update existing API keys, and delete API keys no longer need.

Click admin in the upper-right corner, as shown in “admin Username”, to open the Settings section.

Viewing Your API Keys

The Settings section provides a tabular view of your existing API keys, as shown in “API Keys Table”. The following information is displayed in the table for each API key:

  • Key – Label specified when you created the API key

  • Permissions – Valid grant types for which the API key will have access

API keys can access any resource you give them access to except for the user resources. This restriction is for security reasons. An API key should not be able to modify users. If your key gets loose, this restriction prevents it from being used to gain unfettered access to your system accounts. In “API Keys Table”, example_api_key has access to metrics, webhooks, and transmissions.

To create an API key that meets your specific requirements, you must understand the permissions required by each API. Table 44.1, “Grant Types” gives a mapping of the permissions for a given grant type.

Grant Privileges
View Metrics GET requests on /api/v1/metrics
View Adaptive Delivery Data GET requests on /api/v1/adaptive-delivery
View Webhooks GET requests on /api/v1/webhooks
Modify Webhooks GET, POST, PUT, DELETE requests on /api/v1/webhooks
View Templates GET requests on /api/v1/templates
Modify Templates GET, POST, PUT, DELETE requests on /api/v1/templates
Preview Templates POST requests on /api/v1/templates
View Transmissions GET requests on /api/v1/transmissions
Modify Transmissions GET, POST, PUT, DELETE requests on /api/v1/transmissions
Send via SMTP Allow this API Key to perform SMTP injection (Note that your configuration must support SMTP authorization.)
Manage recipient lists GET, POST, PUT, DELETE requests on /api/v1/recipient-lists