API keys

API keys are used to uniquely identify a user and protect APIs from unauthorized access. You or external service providers can use API tokens to access data and perform actions securely.

Since API keys allow direct access to protected data, you should always handle them carefully and never save them unsecured.

View Existing API Keys

1. The permission api_key__list is required.
2. Go to Settings ➜ General ➜ API Keys.
3. On the overview page, all existing API keys are displayed.

Tokens are organized according to their use:

• Admin API Keys
• CMS Internal Tokens
• Storefront API Keys

Depending on their use, API keys control access to certain areas and permissions. For details on the different rights, please contact your technical consultant.

The following information is displayed for each key:

• Last four characters of the key
• Creation date
• Scope of the resources
• Note (if added)

Generate API Keys

To generate a new API key in the SCAYLE Panel:

1. The permission api_key__create is required.
2. Go to Settings ➜ General ➜ API keys.
3. Click + Token.
4. A window opens where you need to specify the following
   1. Resources (these refer to the endpoints/ entities the token should apply to)
   2. Operation Type (restricts the access token to read or read & write access)
   3. Token Name
   4. Description
5. Additionally you can restrict the Token further based on specific companys, shops and/ or IP Address Filtering

When you generate a token, the creation date is automatically saved, and the key is then displayed. You can save it directly to your clipboard with a click on the copy button.

The created token will only be displayed once. If you leave the creation page, you will only see the encrypted token. It is no longer possible to view the complete API key.

Delete API Keys

API keys can be removed individually using the delete icon. The permission api_key__delete is required for this action. Deleting an API key will immediately disable all access utilizing that key.