Using API Keys

Security And Permissions

Overview

API key is a unique identifier that allows you secure, password-free access to TopTeam REST API. You can generate API keys for your account from the TopTeam user interface. The interface provides key management functionalities for managing API keys. These keys are essential for secure authentication and authorization within the system.

Version Information: The API Key management feature described in this article is available starting from TopTeam version 20.60. In this article, we show you how to:

Prerequisites

You must be a System Administrator or have the Manage Access Tokens permissions to manage API Keys.

Viewing API Keys

Step 1. Navigate to the Manage Personal API Keys screen

C:\Users\admin\AppData\Local\Temp\SNAGHTMLe3b06bf.PNG

Step 2. View Personal API Keys

Creating API Keys

Step 1. Click New Key

Step 2. Specify the key details

Specify the key details, such as name, description (optional) and validity period.

Step 3. Copy the generated key

After generating the key, be sure to copy and securely store it. For security reasons, the key will not be displayed again.

API Key has been successfully created



Using API Keys

Use your API Key for authentication in TopTeam. The API key can be included in the request’s Authorization Header. The Authorization Header follows the Basic authentication scheme. Here, the API Key, along with an empty username, is encoded in Base64 format.

 Authorization: Basic base64(username:APIKey)
Replace username with an empty string and APIKey with your actual API Key.

Example in JavaScript: 
const request = require('request')

// Define the URL you want to request
const url = ‘http://myCompany.com/rest/ttmRESTSrv.dll/2/projects’;

// Define your api key
const accessToken = 'your_api_key';

// Set up the request options
const options = {
    url: url,
    headers: {
        'Authorization': 'Basic ' + Buffer.from(':' + accessToken).toString('base64')
    }
};

// Make the HTTP request
request(options, function(error, response, body) {
    if (!error && response.statusCode === 200) {
        console.log('Response body:', body);
    } else {
        console.error('Error:', error);
        console.error('Response status code:', response.statusCode);
    }
});
NOTE
note_48.png
 Ensure that you include an authorization header in every request to authenticate with TopTeam REST API.

Modifying API Keys

Step 1. Select the API Key you want to modify, and then click Edit (on the gear menu or toolbar)

C:\Users\admin\AppData\Local\Temp\SNAGHTMLe730c3c.PNG

Step 2. Edit the API Key

Edit the key name, description (optional), or key expiration, and then select Save.

C:\Users\admin\AppData\Local\Temp\SNAGHTMLf154990.PNG

Inactivating API Keys

You can inactivate an API key to disable it. Inactivated key cannot be used for authentication.

Step 1. Select the API Key you want to deactivate, and then select Inactivate (on the gear menu or toolbar)

C:\Users\admin\AppData\Local\Temp\SNAGHTMLf1ce5be.PNG

Step 2. Select Yes in the confirmation dialog

To activate a key, click Activate.

Regenerating API Keys

Regenerate a key if you suspect a key has been compromised or need to refresh it. After regeneration, the previous API Key is no longer authorized. Ensure that you save it, as it will not be displayed again.

Step 1. Select the key you want to regenerate, and then select Regenerate (on the gear menu or toolbar)

C:\Users\admin\AppData\Local\Temp\SNAGHTMLf2df04b.PNG

Step 2. Select Yes in the confirmation dialog

A new key will be generated, and the old one will be invalidated.

Filtering API Keys

Select a filter

C:\Users\admin\AppData\Local\Temp\SNAGHTMLf59a2ff.PNG
You can clear a filter by choosing the Clear Filter option from the menu. Revised: March 14th, 2024
Tags: