API Keys

Manage your API keys and authentication tokens securely. Generate new keys and monitor usage.

Your API Keys

Manage your API keys below. Keep your keys secure and rotate them regularly.

Security Best Practices

Follow these guidelines to keep your API keys secure.

Keep Keys Secure

  • Store keys in environment variables
  • Never commit keys to version control
  • Use different keys for different environments

Regular Rotation

  • Rotate keys every 90 days
  • Monitor key usage regularly
  • Remove unused keys immediately

Important Security Notice

Your API keys provide access to your Ademero account. If you suspect a key has been compromised, revoke it immediately and generate a new one. Contact support if you need assistance.

Quick Start Guide

Get started with the Ademero API in just a few steps.

1

Generate API Key

Create a new API key with the appropriate permissions.

2

Add to Headers

Include your API key in the Authorization header.

Authorization: Bearer YOUR_KEY
3

Make Requests

Start making API calls to manage your documents.

Understanding API Keys and Authentication

API keys are essential credentials for secure communication between your applications and the Ademero platform. Each API key serves as a unique identifier that authenticates your requests and determines what resources and operations you can access. When you integrate with Ademero, your application uses these keys to prove its identity and request access to specific features and data.

The Ademero API key management system provides you with complete control over your authentication credentials. You can generate multiple API keys for different environments, applications, or purposes. This flexibility allows you to maintain separate development, staging, and production environments with their own dedicated keys, ensuring better security practices and easier troubleshooting.

Each API key has granular permission settings that determine exactly what your application can do with Ademero services. You can choose between read-only access for retrieving data, write access for creating and updating resources, delete access for removing data, or any combination of these permissions. This principle of least privilege ensures that if a key is compromised, an attacker's capabilities are limited to only the specific operations your key allows.

The lifespan of an API key is an important security consideration. While API keys don't have expiration dates by default, we strongly recommend implementing a key rotation strategy. This means regularly creating new keys and retiring old ones. A common practice is to rotate keys every 90 days or whenever there's a possibility that a key has been exposed. Ademero makes this process simple with just a few clicks in your developer dashboard.

API Key Permissions Explained

Read Permissions

Allows your application to retrieve data from Ademero. This includes fetching documents, retrieving project information, accessing reports, and querying your account data. Read-only keys are ideal for applications that only need to display information or generate reports without modifying anything.

Write Permissions

Enables your application to create, update, and modify resources in Ademero. With write access, you can upload documents, create projects, update settings, and make changes to your account. Always use write permissions only for trusted applications that require modification capabilities.

Delete Permissions

Grants your application the ability to delete documents and resources from Ademero. This is the most sensitive permission level and should only be granted to applications that absolutely need this capability. Always implement proper safeguards before executing delete operations.

Frequently Asked Questions

What happens if I lose my API key?

If you lose or forget your API key, you can generate a new one from this dashboard at any time. The old key will still work until you explicitly revoke it. For security reasons, we recommend revoking the lost key immediately and updating your application to use the new key to prevent unauthorized access.

How can I prevent my API key from being exposed?

Never commit API keys to version control systems like Git. Always store keys in environment variables or secret management systems. On development machines, use .env files that are listed in .gitignore. In production environments, use your deployment platform's native secret management solution such as AWS Secrets Manager, Google Cloud Secret Manager, or similar services.

Can I have multiple API keys at once?

Yes, you can create and maintain multiple API keys simultaneously. This is actually a recommended practice that allows you to have separate keys for different environments and applications. You can label each key descriptively and assign different permission levels to match the specific needs of each key's use case.

How often should I rotate my API keys?

Industry best practices recommend rotating API keys every 90 days or whenever there's a possibility of exposure. If your application experiences a security incident, you should immediately revoke all potentially compromised keys and generate new ones. Additionally, rotate keys whenever team members leave your organization who had access to the keys.

What is API key rotation and why is it important?

API key rotation is the practice of regularly replacing old API keys with new ones. This limits the window of vulnerability if a key is compromised, since an older key will eventually become inactive. Implement automated rotation strategies where possible, and maintain a schedule for manual rotation as part of your security maintenance routine.

Can I track which applications are using my API keys?

Yes, the API key management dashboard shows the last time each key was used. This helps you identify which keys are actively being used and which ones can be safely revoked. Monitor the usage patterns of your API keys to detect unusual activity that might indicate unauthorized access or compromised credentials.