Zephr User Guide

API Keypairs

81 views 0

The Zephr REST API is secured using keypair authentication. Once a keypair has been created against an Admin User, a request can be signed using an HMAC algorithm to allow the request to be executed with the role and identity of the Admin User who owns the keypair.

Keypairs created in the admin console allow an integration service to act on behalf of the user who generates them.

NOTE: Because Key Pairs are user-specific, we recommend you create a generic admin user within your Zephr Console – for example team@<yourcompany>.com – and create relevant Key Pairs within this user. This means that you will not lose key pairs if a user’s access is removed.

Configuring Keypairs

To create and manage a keypair, click the Admin User Settings in the top right corner of the Zephr Admin Console, then select Key Pairs.

Here you will see a list of all current keypairs.

To create a keypair, click Issue Keypair and take note of the access key and secret key. This is very important, as you will not be able to retrieve the secret key after it is initially displayed.

You can add notes to the keypair from the context menu in the list of keypairs.

You can also create keypairs via the REST API if required:

POST /v3/admin/users/{user_id}/keypairs

Note that no body is required in this request.

The response will be:

   "access_key": "access key...",   
   "secret_key": "secret key...",   
   "message": "Keypair created: you will not be able to recover the secret, so take note of it" 

The secret key can never be recovered so it is important to record the payload from this request and store it securely.

To delete a Keypair, navigate to the list of Keypairs and click Delete. You will be asked to confirm your selection.