Create and Manage API Keys
About API Keys in Joystick
- An API Key is required to access the dynamic remote configuration content via REST API.
- An API Key will only be able to access the content of the environment it was created in.
- In Joystick, the API endpoint is the same for all environments. Changing the API Key will determine which environment the content is retrieved from. In the below example, the same endpoint is used to get "config-a", however because the keys are different, DEV will get "v1" content while PROD will get "v9" content. See Configuration Content Management to learn more about content versioning.
Tip
We suggest you create an environment in Joystick for each code environment you have (e.g. Dev, QA, Staging, Production), and provision separate API keys.
Navigating to API Key Management
When viewing all of the Environments of your Product, select the Environment you want to create/manage an API Keys for.
When you are in an Environment, click the "Environment API Keys" tab.
The API Key Management Page
You can view existing API Keys, revoke them or create a new API Key.
Creating an API Key
- Click the "Create API Key for..." button to bring up the dialog. Enter a friendly name about what the API Key is for, then click "Create API Key".
- After the API Key is created, you will only be shown the full API Key once. Please save the API Key in a safe place. We do not save or have access to this API Key; it cannot be recovered. If you lose the API Key, a new one will have to be generated.
API Key Permissions
| Type | Description |
|---|---|
| Read Only | A Read Only key can request and retrieve any piece of dynamic remote configuration content in the environment it is created in. |
| Read and Write | A Read and Write API key has permissions to create a new revision of configuration in the environment it has access to. You can use this to update your content via API in an automatic / programmatic manner. Please contact our team if you want to update content by API. |
Revoke an API Key
When you revoke an API Key, it will immediately be disabled. Any subsequent API calls made using it will return 401 Unauthorized. There is no undo to revoking an API Key. Please make sure that the key you are revoking is no longer in use.
