Skip to main content
Skip table of contents

API keys

API keys are the default method to authenticate with DCT. This is done by including the key in the HTTP Authorization request header with type apk.

API keys are long-live tokens and as a result, do not automatically expire in the future. They remain valid until they are deleted or destroyed from DCT.

Assume the following is a sample key:

CODE
1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3

The cURL command example would appear as:

NONE
curl --header 'Authorization: apk 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3'

cURL (like web browsers and other HTTP clients) will not connect to DCT over HTTPS unless a valid TLS certificate has been configured for the Nginx server. If this configuration step has not been performed yet and the risk is comprehended, you may disable the check in the HTTP client. For instance, this can be done with cURL using the --insecure flag.

The cURL version must be 7.43 or higher.

Create and manage API Keys

The initial API key created should be used to create a new admin secure key. This is done by creating a new Account entity and setting the generate_api_key. The "username" attribute should be the desired name to uniquely identify the account.

NONE
curl --location --request POST 'https://<hostname>/docs/v2/management/accounts' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: apk 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3' \
--data-raw '{
   "username": "secure-key",
   "generate_api_key": true
}'

If the cURL version being used is below 7.43, replace the --data-raw option with --data.

A response should be received similar to the lines below:

NONE
{
   "id": 2,
   "token": "2.vCfC0MnpySYZLshuxap2aZ7xqBKAnQvV7hFnobe7xuNlHS9AF2NQnV9XXw4UyET6"
   "username":"secure-key"
}

Now that the new and secure API key is created, the old one must be deleted for security reasons since the key appeared in the logs. To do this make the following request:

NONE
curl --location --request DELETE 'https://<hostname>/dct/v2/management/api-clients/<id>' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: apk 2.vCfC0MnpySYZLshuxap2aZ7xqBKAnQvV7hFnobe7xuNlHS9AF2NQnV9XXw4UyET6'

The ID referenced above is the numeric ID of the Account. It is the integer before the period in the token. For example, the ID of 1.0p9PMkZO4... is 1.

Finally, to list all of the current Accounts, make the following request:

NONE
curl --location --request GET 'https://<hostname>/dct/v2/management/accounts/' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: apk <your API key>'

API key regeneration

Non-admin user accounts now have support for regenerating the API key in DCT version 23.0.0. This can be accessed after clicking your account name in the top-right corner of the application.

image-20241026-211820.png

The following API endpoints can be utilized for this feature:

Regenerate

  • API Endpoint: /management/accounts/api-key-regenerate

  • Inputs: Old API Key

  • Outputs: New API Key

API key expiration

Support has been implemented to rotate the API key for another user account. This action is only allowed if the user has the necessary permissions to rotate/regenerate the API key for other accounts. A running DCT instance with VDBs is required. 

The following API endpoints can be utilized for this feature:

Regenerate 

  • API Endpoint: /management/accounts/{id}/api-key-reset 

  • Inputs: User account ID

  • Outputs: New API key 

Delete API Key 

  • API Endpoint: /management/accounts/{id}/api-key-delete 

  • Inputs: User account ID 

DCT version 23.0.0 introduces the capability to view and edit security settings for API Key Expiry and Inactive Session Timeout. This is accessible under Admin → Authentication tab. The following API additions are included.

The following API endpoints can be utilized for this feature:

Update Properties 

  • API Endpoint: /management/properties/ 

  • Input: Object of properties with value in seconds 

  • Output: Properties with updated value 

Get Properties 

  • API Endpoint: /management/properties/ 

  • Output: Properties

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.