Secret Key
  • 27 Mar 2023
  • 1 Minute to read
  • Contributors

    Secret Key

      Article Summary

      Secret Key plays a significant role in Quixy Integrations for both pushing and pulling data. It is the piece of information or parameter used to encrypt and decrypt messages symmetrically (uses only one key), or what we call secret-key encryption. 

      Users need to have the integration access to get the Secret Key. 

      Quixy uses simple token-based authentication. To generate or manage your API key, go to My Profile -> Integrations Tab in your Quixy account. Your API key carries the same privileges as your user account, so be sure to keep it secret! 

      You can authenticate the API by providing your API key in the HTTP authorization bearer token header. Alternatively, a slightly lower-security approach is to provide your API key with the api_key query parameter. 

      All API requests must be authenticated and made over HTTPS.

      The bearer token expires automatically every 10 minutes, you need to generate a new bearer token every time it expires.
      The data access when pushing or pulling the data is limited to the respective user roles, one without admin access cannot see the whole data which only admin have access to.
      Best Practice for Organizational Admins:
      We advise having a separate account specifically for integrations and assigning a dedicated team to manage it. This will help prevent failed login attempts and the resulting account blockages, which can disrupt the integration.

      How to use the Secret Key? 

      The secret key in Quixy is used to generate a Bearer Token which is further used to call/consume an API. In Quixy, the API can be a Webhook API (Push data into Quixy) or Report API (Pull data from Quixy) 

      1. First, let us see how to generate a bearer token. 
      2. Next, use the bearer token to call an API (Report API / Webhook API).

      Generate Bearer Token (Experience in POSTMAN)

      To generate a Bearer Token in Postman is easy and needs collaboration of Quixy platform for API details and Postman to run the API and generate bearer token. Refer to the GIF below to understand the process.

      Postman Token Generation GIF 

      Was this article helpful?