This release includes a major change to how API Keys are created and managed. We made this change to better align with how our customers are using API Keys. The decoupling of API Keys to specific users is a critical change. More and more API Keys are tied to a specific external system or company rather than to a specific user.
For API Keys created for your own use, the old way of doing it would be for a system user to grab their own API Key and then plug that into whatever application needed it. The first problem we see here is when that user leaves the company, that API Key is still being used.
With the new release, you can create an API Key for a specific reason, limit its permissions to only the API functions it needs, and then optionally tag that key to a user which may help in remembering why the key was created (but deleting the user does not disable the key!). We strongly suggest only enabling the API Key for the function it needs. If possible you should also restrict the API Key to only the IP Addresses from where it should be connecting. If that is not possible in every case, we would suggest limiting the API Key to allowed countries from which you expect traffic.
Check out our Onboarding PDF to get a step-by-step guide. To check and create API keys, you can access them through the Settings tab and then click the API Keys. From here you can edit, copy and show the history of the specific API key. You can also activate and deactivate your keys and see how long until they expire. We have a new API key wizard as well! To use it, simply click the Add New API Key button on the upper right to create a new key.
How to whitelist restricted APIs
You can also check API Key usage, but selecting the usage button in the API Keys sub tab under Settings.