Skip to main content

Authentication

To establish connectivity with an Inspectorio Server API, you can now use an API Key

What is an API Key?​

An application programming interface key (API Key) is a unique code, primarily used to identify and authenticate an application or user. An API Key identifies and validates the source of an API request.

Inspectorio’s API Keys are unique, random, and non-guessable. API Keys that are generated by Inspectorio use alphanumeric, special characters and they don’t expire unless removed.

Why do we use API Key?​

To establish connectivity with an Inspectorio API, you must authenticate your request.

Inspectorio already supports API authentication with a login token by using a username and hashed password. With the current implementation, this token expires after 24 hours and you must re-login or refresh this token.

Using the API Key authentication, you can make the integration between Inspectorio APIs and your server easier.

How do I generate my API Keys?​

Quality Risk Management / Production Management​

An Admin or Account Owner of your organization on Quality Risk Management / Production Management has permission to access the API Keys page to create and manage API Keys by navigating to Configuration -> API Keys menu item. API Key page

An API Key will be generated and activated automatically when you click on the Create API Key button on this page. Create API Key

Responsible Sourcing & Compliance​

An Admin or Account Owner of your organization on Responsible Sourcing & Compliance (RSC) has permission to access the API Keys page to create and manage API Keys by navigating to My Organization -> API Key menu tab item. API Key page

An API Key will be generated and activated automatically when you click on the Create API Key button on this page. Create API Key

How do I authenticate my API requests by an API Key?​

After having an API Key in your organization from the Inspectorio platform, you can use this Key to authenticate your requests by adding the Header key: apiKey with the value of the created Key (You don’t need to send Login API to get login token anymore).

The API Key will be valid until it is removed from your API Keys page. If you try to authenticate with the wrong API Key value or an API Key already removed from the Inspectorio platform, you will see the following error message in the response body.

{
"errorCode": "Generic",
"message": "API Key is invalid"
}

API Key identification and storage​

An organization can have multiple API Keys. The API Keys are secure and usable only within one organization. You cannot use your API Key to send an API request for another organization. Please make sure you store your API Keys safely somewhere before navigating out from this page because Inspectorio will not store the key as our security policy, and we cannot restore it for you later.

When you navigate back to the API Keys page, your API Key will be shown as hidden text. We just display the prefix as a hint to remind you a little about the Key. We recommend that you should add a description for each API Key, so that you can track the purpose of each Key later. API Key Storage

By using this API Key feature, you also can:

  • Create multiple API Keys for your organization to use for different departments/teams/purposes
  • Add a description for each API Key to describe the usage purpose of the API Key or which team/department is using the key
  • Remove any API Keys from Inspectorio platform (The removed API Key cannot be used to authenticate your request to Inspectorio Server API anymore). API Key Description