Securing API Endpoints with Airkit API Tokens and Permissions

An App API can be configured to require authentication or to be publicly available. This article will cover how to secure an App API endpoint using API Tokens. 

Creating a Token

If the App API requires authentication, a token must be created. To create a token, go to and click on API in the left hand navigation. Then click on Tokens > '+New' > enter in a name for the token. You can also configure user variables and IP addresses for additional layers of permissions.


Then click Create, which will generate a token.


Make sure to safely store the generated token at that moment since it will not be retrievable afterwards.

Configuring the API to require Authentication

To configure the API to require Authentication, go to Connection Builder and select the API created under 'Web Links'.

organizing info Then Click on the checkbox under Requires Authentication. This will enforce the API to have a Bearer token with the API Request.  organizing info

To add an API Key Group, which is used to give API access to particular users within an organization, go to Configuration Builder, scroll down to API Key Filtering, add an API Key Group. Then select the Token name created previously.


Once the API Key group is configured, then it can be configured to the API.

organizing info

Testing the App API

To test an API that requires authentication, the following header must be set:
"Authorization: Bearer " where is replaced with the token generated in the "Creating a Token" section. Below is a screenshot of testing the API from Postman.