For requests which require authentication, the Integration API uses an API key security scheme utilizing a pair of keys, a secret key and key id, as headers. If your Key ID or Secret Key cannot be validated, a 401 status code is returned. If either header is not provided, a 401 status code is also returned. Each Key is created under a Company, (i.e., a Record360 customer), so one Company cannot access a different Company's data (for obvious reasons).

Key ID

A UUID sent via the api-key-id header. The API Key ID can be used to identify your API key.

Header parameter name: api-key-id

Secret Key

A secret API key sent via the api-key-secret header. Your secret key is not stored after creation, and it should be treated as a password.

Header parameter name: api-key-secret

Example

  curl -i -H "api-key-id: 3e50cee3-0548-4805-95e8-cb49659f968f" \
          -H "api-key-secret: PRV3hhbe57fe5wlr2hxifzentr89uu4zpf"
          https://api.record360.com/v3/units

Creating an API Key

Every API key generates a secret key and key id upon creation. The secret key is not stored by us and should be treated like a password. You must copy it to a safe place upon creation. The key id is visible on the Dashboard and can be used to identify an API key.

If you haven't done so already, sign in to the Record360 Dashboard. All set?

📘
Do you have permission?
Currently, only Managers and above can create API keys.

To create a key:

Select Integrations in the main menu.
Look for the Integration API card. If its your first key, click Start for a guided walkthrough. If not, select Manage.

Select New API Key in the upper right, and give it a name you will remember! (Exciting!)
After selecting Create, you will be given the secret key. This is important. Its like your password to access everything API, so store it somewhere secure. You will not be able to access this key again.

Once you store your secret key, you can close the pop-up and get your key id. The key id is like the username for your API access when making a request. It is a unique identifier you can use to keep track of the API key (in addition to the name you gave it).

Congrats, you've generated your first API key! Try sending a sample request:

curl -X GET "https://api.record360.com/v3/units?per-page=1" \
-H "api-key-secret: your-api-key-secret" \
-H "api-key-id: your-api-key-id"

We recommend creating different API keys for different purposes, so there is no single point of failure if one of your API keys is exposed. Don't forget to add helpful names to keep track of your integrations!

Ready to go? Head on over to Units to see our interactive API documentation.

Changing API Keys

If one of your API keys has been leaked or if you have any security concerns about a particular API key, we strongly recommend you cycle your API keys. It is also good practice to cycle your keys on a regular basis. You can do so by taking the following steps:

Delete the key of concern from the Integrations section of Dashboard. Select the three dots to the right of the name to see Key options; then select Delete.

Ensure you are deleting the correct API key, and complete the confirmation modal.
Re-generate a new API key in its place following the instructions above.
Replace each instance of the old API key with the new one.

❗️
Breaking Integrations
Deleting an API key will break any integration relying on that credential. Do not forget to replace old credentials with new ones!