API Keys
Subscription Tier Required
This feature requires the Premier subscription tier or higher.
API Keys are used to connect to the GS backend API without the need for a browser. Common uses for API Keys include:
- Automated data collection.
- Syncing data between GS and other systems.
- Automatically updating specifications.
Settings
| Field | Description |
|---|---|
| Name | The unique name of the API Key. |
| Role | The Role that requests made by this key will use. |
| Locations | The Locations that this Role can access. Only appears if the Role does not have the permisssion Access to all Locations. |
| Language | The language that the server will use to respond to this API Key, and the language used to send messages generated by this API Key. |
Generating an API Key Secret
When an API Key is created, a new key will be generated and displayed to the user. The displayed key consists of an ID and a secret, separated by a .. The key must be copied to a secure location, as the secret will not be displayed again once the dialog is closed. If the key is lost, it will need to be regenerated.
The ID of the API Key will be displayed on both the edit and view page, and may not be updated once the key has been generated. The full API Key must be included to requests to the GS API as a the header GS-Api-Key.
Resetting an API Key
If an API Key is lost or requires rotation, it can be reset on the view page. This will invalidate the current API secret, and any requests made to the backend with the current secret will be rejected.
Although GS does not enforce an API Key rotation policy, it is recommended that API Keys are rotated every 90 days.
Disabling an API Key
It is recommended that unused API Keys are disabled. This will no prevent the key from connecting to GS and will hide it in the list of API Keys. Disabled keys can be re-enabled to restore access without resetting the key.
Disabling and re-enabling an API Key can be done on either the Edit or View page of the API Key using the Disable button. Disabled API Keys can be viewed by checking the Show Disabled box on the API Key list page.
If an API has not been used to create any entities or submit data, it can instead be deleted.
