Manage API keys

Configuration: DOC -> Settings (cog icon) -> APIs

API keys provide programmable access to the DriveLock Enterprise Server (DES) interfaces. They are used for authentication, similar to a conventional user login, but using a key instead of a user name and password.

See the Documentation tab for details on the interfaces.

Types of API keys

  1. Role-based permission

    • Recommended use for controlling and assigning specific permissions

    • Creates a technical user with the name of the API key

    • Possibility to assign rights in detail by assigning roles

  2. Supervisor

    • Enables unrestricted actions without being limited by rights and roles

    • This type of API key is only available in the on-premise version

  3. Register linked DES

    • Enables the registration of a linked DES

    • Only available in the Managed Services version

    • No need with existing standard proxy that supports WebSockets

Possible actions

  • You can create a new API key via or .

  • Click the menu in the Action column if you want to change the runtime of an API key or regenerate it completely. If you change the runtime, the current key will be updated. Regenerating creates a completely new key that can be used independently of the old key.

Conceptual design of an API

Handling an API in the DOC is treated in the same way as handling an account. An API manager therefore needs the following additional roles and permissions to work effectively:

  • An API manager can only pass on the permissions they own.

  • The purpose of the restricted access is to prevent an escalation of rights and security risks.

  • To ensure that no one is granted more rights than originally intended.

When appointed as an API manager, the individual automatically receives the following permissions. They allow the API manager to efficiently manage and control the APIs and the associated permissions and roles.

  • Accounts_Manage

  • Accounts_Read

  • Permissions_Manage

  • Permissions_Read

It is essential for reasons of data protection and security that the API manager only passes on the rights that they hold themselves in order to ensure a high level of security and minimize risks.