Guides
GuidesAPI ReferenceRecipesChangelog

Managing API Keys and Viewing the API Domain

Suggest Edits

Overview

This guide will help you manage your API keys and view the API domain for Take Control. API keys enable you to control access and ensure secure interactions with our APIs. In this guide, you'll learn how to create, configure, and manage API keys, as well as locate the API domain for your account.

Public and Private API Keys

Public and private API keys control access and provide security for API interactions. Take Control supports both types of keys, each with customizable permissions, expiration dates, and allowed IP addresses. Keep API keys secure and hidden. Learn more

API keys expire by default after one year but can be re-enabled and extended by technicians, up to a maximum of one year.

Public API Keys

You can expose public API keys to end users, typically using them for client-side applications like devices or websites. These keys access non-sensitive data and operations. We restrict public API keys to limit the actions they can perform and the data they can access.

Use cases:

  • Accessing public resources.
  • Performing read-only operations.
  • Accessing non-sensitive data in client-side applications.

Considerations:

  • Public keys should have specific, limited permissions based on their required tasks. This enhances security and control and limits the potential damage if a key is compromised.
  • To make tracking easier, it’s good practice to use multiple public keys if they will be used at various integration points.

REST API Usage:

  • "Create a new session" method of the Session API.
  • "Create a new deferred support request" method of the Tickets API.

Private API Keys

Think of private API keys as admin keys used for server-side applications where the key remains secure and hidden from the end user. These keys access sensitive data and operations, providing full control over the API.

Use cases:

  • Accessing and modifying sensitive data.
  • Performing write or delete operations.
  • Server-to-server communication.

Considerations:

  • Private keys should be kept confidential and stored securely; they should never be publicly exposed.
  • Private keys should have the necessary permissions to perform critical operations.
  • It's essential to rotate private keys periodically to enhance security.

REST API Usage:

  • "Get session history" method of the Session API.
  • All methods for the Technician and Device APIs.

Configuring and Managing Your API Keys

To interact with the Take Control API, you need to create a REST API key. This key acts as a secure identifier, allowing authorized users to access and manage the features of the API. Obtaining an API key ensures seamless and secure communication between your applications and our remote support tool.

Creating an API Key

Follow these steps to create an API key:

  1. Navigate to the API Keys section of the dashboard by going to Management > API Keys.
  2. Click Create Key.
  3. Complete the Create API Key dialog:
    • Description: Enter a description to help you identify the API key.
    • Expiration Date: Specify when the key will expire.
      • API keys have a default expiration of one year, after which they become inactive. Technicians can re-activate and adjust the expiration date, provided it does not exceed one year.
    • Key Type: Choose whether the key will be public or private.
    • Permissions: Select the API endpoints that the key is allowed to interact with.
    • Whitelisted IPs: Provide a list of IP addresses authorized to use the API key for added security.
  4. After setting up the API key, click Create Key to generate it.

🚧

Important Note

Once generated, securely store your API key. Do not share it publicly or expose it in your application code.


Managing Your API Keys

  1. Review the API keys associated with your account under Management > API Keys.
  2. To filter or narrow down the keys displayed, use the options in the left panel or the search function. You can search by key content, description, or allowed IP addresses.
  3. Check the box next to a key to view additional information, copy the API key to your clipboard, or access the top menu options:
    • Disable Key: Deactivate the selected key.
    • Edit Key: Apply changes, such as adjusting the expiration date (up to a maximum of one year).

Viewing Your API Domain

The API domain is the main location for all API-related activities and serves as the gateway for interacting with your API. To view the API domain for your Take Control account:

  1. Go to Profile > APIs.
  2. Navigate to the REST APIs tab.
  3. View your API domain, along with links to the API Key Manager and Swagger API Documentation.

The API domain allows you to interact with the API endpoints, test your integrations, and manage your keys effectively.

Updated 12 days ago