Create and Manage API Keys
About API Keys in Joystick
- An API Key is required to access the dynamic remote configuration content via REST API.
- An API Key will only be able to access the content of the environment it was created in.
- In Joystick, the API endpoint is the same for all environments. Changing the API Key will determine which environment the content is retrieved from. In the below example, the same endpoint is used to get "config-a", however because the keys are different, DEV will get "v1" content while PROD will get "v9" content. See Configuration Content Management to learn more about content versioning.
Tip
We suggest you create an environment in Joystick for each code environment you have (e.g. Dev, QA, Staging, Production), and provision separate API keys.
Navigating to API Key Management
When viewing all of the Environments of your Product, select the Environment you want to create/manage an API Keys for.
When you are in an Environment, click the "Environment API Keys" tab.
The API Key Management Page
You can view existing API Keys, revoke them or create a new API Key.
Creating an API Key
- Click the "Create API Key for..." button to bring up the dialog. Enter a friendly name about what the API Key is for, then click "Create API Key".
- After the API Key is created, you will only be shown the full API Key once. Please save the API Key in a safe place. We do not save or have access to this API Key; it cannot be recovered. If you lose the API Key, a new one will have to be generated.
| Input | Description |
|---|---|
| Key Name | A short, friendly name to identify this key and its usage. |
| Key Permissions | See below. |
API Key Permissions
| Type | Description |
|---|---|
| Read Only | A Read Only key can retrieve remote configuration in the environment the key has access to. Each key can only access one Environment. |
| Read and Write | A Read and Write API key has permissions to create a new revision of a configuration. You can use this to update your content via API in an automatic / programmatic manner. Please contact our team if you want details on using the update content API. |
Revoke an API Key
When you revoke an API Key, it will immediately be disabled. Any subsequent API calls made using it will return 401 Unauthorized. There is no undo to revoking an API Key. Please make sure that the key you are revoking is no longer in use.
