Skip to content

Introduction to API Key

What is an API Key?

An API key is a static alphanumeric string of variable length designed to authenticate and authorize requests to access specific service through an API. In the context of myBiros, an API key is required to interact with its services. By including the API key in your requests, myBiros can verify that you have the necessary permissions to access the data or functionality offered by its platform. Each API key is unique and should be kept secure, as it grants access to sensitive operations within the myBiros system.

When is an API Key Required?

myBiros offers its services through two channels: a web app and an API. If you wish to use myBiros's features via the API, it will be necessary to create an API key.

Note

If myBiros is used solely through the web app, there is no need to create an API key. All functionalities can be accessed directly within the web interface without additional authentication steps for API access. In this case the creation of an API key is strongly discouraged.

How-to Create an API Key

Through the myBiros platform available at https://platform.mybiros.com, each user can access their use case of interest and, through the settings, navigate to the API section.

ApiKeyHome

From this panel:

1. Click on Create API Key.
2. Insert a meaningfull and descriptive name for the key.
3. Click Create to confirm.
4. Is now possible to see or copy the key generated.

Note

For each use case, is possible to have up to 20 active keys simultaneously.

How-to Revoke an API Key

Through the myBiros platform available at https://platform.mybiros.com, each user can access their use case of interest and, through the settings, navigate to the API section.

ApiKeyHome

On the API keys page for the selected use case, all created API keys will be displayed. To revoke an API key, simply click on the trash icon next to the API key you wish to delete.

Danger

Once an API Key has been revoked is not possible to restore or undo the operation. All third parties app that use the revoked key will lose their permissions.

How-to Manage API keys securely

API keys provide access to the use case and the documents that have been uploaded to the platform. Therefore, here are some suggestions for proper use:

  • Always keep API keys secret and do not embed them directly in code or applications exposed to the public.
  • Always use different keys for each application.
  • Delete keys that are no longer in use.
  • Rotate keys when possible.
  • In case of a compromise of one or more keys, immediately proceed to delete or rotate the compromised keys.

Frequently Asked Questions (FAQ)

Can i use the same API Key on multiple use cases?

Each use case has its own set API keys, so it is not possible to use 
the same key to query the APIs of different use cases.

Can i share the same API Key on multiple third-party services?

Yes, there are no restriction on how many external services/apps are attached on a single Key.
Anyways this practice is strongly discouraged and we suggest to create a single key for each
external service/app.

How many API keys can i create for each use case?

The current limit is 20 Keys x use case.