Skip to content

Create and Manage API Keys

About API Keys in Joystick

  • An API Key is required to access the dynamic remote configuration content via REST API.
  • An API Key will only be able to access the content of the environment it was created in.
  • In Joystick, the API endpoint is the same for all environments. Changing the API Key will determine which environment the content is retrieved from. In the below example, the same endpoint is used to get "config-a", however because the keys are different, DEV will get "v1" content while PROD will get "v9" content. See Configuration Content Management to learn more about content versioning.

API Key Schematic

Tip

We suggest you create an environment in Joystick for each code environment you have (e.g. Dev, QA, Staging, Production), and provision separate API keys.

When viewing all of the Environments of your Product, select the Environment you want to create/manage an API Keys for.

Select Environment

When you are in an Environment, click the "Environment API Keys" tab.

Select Environment API Keys Tab

The API Key Management Page

You can view existing API Keys, revoke them or create a new API Key.

API Key Management View

Creating an API Key

  • Click the "Create API Key for..." button to bring up the dialog. Enter a friendly name about what the API Key is for, then click "Create API Key".
  • After the API Key is created, you will only be shown the full API Key once. Please save the API Key in a safe place. We do not save or have access to this API Key; it cannot be recovered. If you lose the API Key, a new one will have to be generated.

Create API Key Dialog

Input Description
Key Name A short, friendly name to identify this key and its usage.
Key Permissions See below.

Create API Key Success

API Key Permissions

Type Description
Read Only A Read Only key can retrieve remote configuration in the environment the key has access to. Each key can only access one Environment.
Read and Write A Read and Write API key has permissions to create a new revision of a configuration. You can use this to update your content via API in an automatic / programmatic manner. Please contact our team if you want details on using the update content API.

Revoke an API Key

When you revoke an API Key, it will immediately be disabled. Any subsequent API calls made using it will return 401 Unauthorized. There is no undo to revoking an API Key. Please make sure that the key you are revoking is no longer in use.

Revoke API Key Dialog