Commit 4600447

Merge pull request #123 from quirky4/api_keys_doc
Documentation for API keys management, using API keys on client side
2 parents de2afe1 + 7fb2d2a commit 4600447

5 files changed: +38 -0 lines changed


docs/eportal-api/README.md

Lines changed: 8 additions & 0 deletions
@@ -13,6 +13,14 @@ kc.eportal user -a api-user -p <password>
1313
It can be useful for SSO/LDAP setups to be able to pass HTTP API credentials via
1414
basic auth.
1515

16+
Starting with version 2.14-1, an API key can be used for authentication
17+
as an alternative to basic authentication.
18+
First, you need to generate an API token using ePortal admin UI.
19+
Then you can put it in the *X-Api-Key* http header. In this case
20+
the Authorization header is no longer needed.
21+
If for some reason the "X-Api-Key" header doesn't work for you,
22+
you can define your own header name in the API_AUTH_HEADER setting in eportal.conf.
23+
1624
In general ePortal API is configuration management friendly and idempotent. You
1725
don't need to make additional request to check existing state. For example
1826
entity deletion doesn't raise an error in case there is no such entity.
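
Review bot: The added lines 16-22 switch between "API key" and "API token" for the same credential and write the header name two different ways (*X-Api-Key* on line 19, "X-Api-Key" in quotes on line 21); pick one term and put the header name and `API_AUTH_HEADER` in code formatting so readers can copy them exactly. Line 19 should also read "HTTP header". Two behaviours are left unstated and matter to anyone deploying this: what the server does when a request carries both an Authorization header and the key header, and whether a custom `API_AUTH_HEADER` replaces X-Api-Key or is accepted alongside it. Since the key is a bearer credential sent on every request, it is also worth saying here that it should only be sent over HTTPS, and a one-line example request next to the existing `kc.eportal user` example would make the section usable without opening the UI docs.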

docs/eportal/README.md

Lines changed: 30 additions & 0 deletions
@@ -916,6 +916,36 @@ Change feed into delayed feed:
916916
# kc.eportal feed -c test --deploy-after 12
917917
```
918918

919+
## API keys Management
920+
921+
An API key may be used as an alternative to password authentication when accessing public API endpoints.
922+
API tokens provide a more secure way to authenticate APIs because they can be easily revoked
923+
without affecting each other, and you don't need to share your credentials.
924+
925+
To get into API keys Management interface go to Settings -> API keys:
926+
927+
![API keys](/images/api_key_list.png)
928+
929+
On this page a user can manage the existing API keys: create, revoke (delete).
930+
931+
![API key edit](/images/api_key_create.png)
932+
933+
Available options:
934+
935+
* Key name - a name of the API key.
936+
* Expiration date - optional key expiration date.
937+
938+
After generating the key, you will see a bar with a token, as in the picture below.
939+
940+
![API key generated](/images/api_key_generated.png)
941+
942+
This token is not stored on the server, so you need to keep it in a safe place.
943+
Use this token in an API client as described in [ePortal API documentation](/eportal-api).
944+
945+
The API key is personal, meaning it is tied to a specific user and inherits their permissions.
946+
A user with read-only permissions can only manage their own keys,
947+
while an administrator has access to any user's API keys.
948+
919949
## Adding extra Tag field
920950

921951
To add an extra Tag field for the server, run:
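
Review bot: "This token is not stored on the server" on added line 942 is ambiguous, because the server has to retain something in order to verify the key later; say what the reader actually needs to act on, for example that the token is displayed only once and cannot be retrieved afterwards, so a lost token means revoking the key and generating a new one. On lines 945-947, "an administrator has access to any user's API keys" should spell out which actions that covers (list, revoke, create): line 945 says a key inherits its owner's permissions, so creating a key for another user would let an administrator act as that user, and the docs should state whether that is possible. Line 936 should say what happens when the expiration date is left empty, since a key that never expires is a choice the reader should make knowingly. Smaller points: lines 921-922 mix "API key" and "API tokens", "public API endpoints" on line 921 can be read as unauthenticated endpoints, and the heading on line 919 and the text on line 925 would read better as "API Keys Management".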
