Securing API Endpoints with Airkit API Tokens & Permissions Securing API Endpoints with Airkit API Tokens & Permissions

Securing API Endpoints with Airkit API Tokens & Permissions

Ismaen Aboubakare Ismaen Aboubakare

An App API can be configured to require authentication or to be publicly available. This article will cover how to secure an App API endpoint using API Tokens. 

Creating a Token

If the App API requires authentication, a token must be created. To create a token, go to and click on API in the left hand navigation. Then click on Tokens > '+New' > enter in a name for the token. You can also configure user variables and IP addresses for additional layers of permissions.


Then click Create, which will generate a token.

Important: Make sure to safely store the generated token at that moment since it will not be retrievable afterwards.

Configuring the API to require Authentication

To configure the API to require Authentication, go to Connection Builder and select the API created under 'Web Links'.


Then Click on the checkbox under Requires Authentication. This will enforce the API to have a Bearer token with the API Request. 

To add an API Key Group, which is used to give API access to particular users within an organization, go to Configuration Builder, scroll down to API Key Filtering, add an API Key Group.  Then select the Token name created previously.


Once the API Key group is configured, then it can be configured to the API.


Testing the App API

To test an API that requires authentication, the following header must be set:
"Authorization: Bearer <token>" where <token> is replaced with the token generated in the "Creating a Token" section. Below is a screenshot of testing the API from Postman. 



Further Reading



Was this article helpful?

0 out of 0 found this helpful

Add comment

Please sign in to leave a comment.