Public and Private API Keys

Public and private API keys are used to control access and provide security when interacting with APIs. Take Control supports the use of different public and private API keys, each of which can have its own permissions, expiration date and allowed IP addresses. In line with recommended security precautions, API keys should be kept secure and hidden.

Public and private API keys are created with a default expiration date of one year, after which they are disabled. However, technicians can re-enable API keys and change the expiration date at any time, provided the new expiration date does not exceed one year.

Public API Keys

Public API keys can be exposed to the end user and are typically used for client-side applications, for example on their device or your website. These keys provide access to non-sensitive data and operations. Our public API keys are restricted in scope to limit the actions they can perform and the data they can access.

Use cases:

  • Accessing public resources.
  • Performing read-only operations.
  • Accessing non-sensitive data in client-side applications.

Considerations:

  • Public keys should have specific, limited permissions based on their required tasks. This enhances security and control, and limits the potential damage if a key is compromised.
  • To make tracking easier, it’s good practice to use multiple public keys if they will be used at various integration points.

REST API Usage:

  • "Create a new session" method of the Session API.
  • "Create a new deferred support request" method of the Tickets API.

Private API Keys

Private API keys can be thought of as admin keys and are typically used for server-side applications where the key can be kept secure and hidden from the end user. These keys provide access to sensitive data and operations, allowing full control over the API.

Use cases:

  • Accessing and modifying sensitive data.
  • Performing write or delete operations.
  • Server-to-server communication.

Considerations:

  • Private keys should be kept confidential and stored securely; they should never be publicly exposed.
  • Private keys should have the necessary permissions to perform critical operations.
  • It's essential to rotate private keys periodically to enhance security.

REST API Usage:

  • "Get session history" method of the Session API.
  • All methods for the Technician and Device APIs.
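
The considerations listed for public and private keys can be checked mechanically against a key inventory. The following is an added example, not Take Control code: the record field names, permission names, 90-day rotation interval and sample keys are all assumptions made for illustration.

```python
from datetime import date, timedelta

MAX_AHEAD = timedelta(days=366)     # page: expiration date may not exceed one year
ROTATE_AFTER = timedelta(days=90)   # assumed interval; the page only says "periodically"
WRITE_SCOPES = {"write", "delete"}  # assumed permission names

def audit_key(key, today):
    """Return findings for one key record (field names are hypothetical)."""
    findings = []
    if key["expires"] - today > MAX_AHEAD:
        findings.append("expiration more than one year ahead")
    if key["enabled"] and key["expires"] < today:
        findings.append("enabled past expiration date")
    if key["type"] == "public" and WRITE_SCOPES & set(key["permissions"]):
        findings.append("public key carries write/delete permission")
    if key["type"] == "private":
        if not key["allowed_ips"]:
            findings.append("private key has no allowed-IP restriction")
        if today - key["created"] > ROTATE_AFTER:
            findings.append("private key overdue for rotation")
    return findings

def audit_inventory(keys, today):
    """Map key name -> findings, omitting keys with nothing to report."""
    report = {}
    for key in keys:
        findings = audit_key(key, today)
        if findings:
            report[key["name"]] = findings
    return report

def record(name, type_, permissions, created, expires, allowed_ips, enabled=True):
    return dict(name=name, type=type_, permissions=permissions, created=created,
                expires=expires, allowed_ips=allowed_ips, enabled=enabled)

# Constructed sample inventory (not real keys or real Take Control output).
SAMPLE_KEYS = [
    record("web-widget", "public", ["read"], date(2025, 1, 10), date(2026, 1, 10), []),
    record("kiosk-form", "public", ["read", "write"], date(2025, 3, 1), date(2026, 3, 1), []),
    record("backend-sync", "private", ["read", "write", "delete"],
           date(2024, 11, 1), date(2025, 11, 1), []),
    record("reporting-job", "private", ["read", "write"],
           date(2025, 4, 15), date(2026, 4, 15), ["203.0.113.10"]),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_KEYS, date(2025, 6, 1)).items():
        print(name, "->", "; ".join(findings))
```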