Secret Key
  • 15 Sep 2022
  • 1 Minute to read
  • Contributors

Secret Key


Secret Key plays a significant role in Quixy Integrations for both pushing and pulling data. It is the piece of information or parameter used to encrypt and decrypt messages symmetrically (uses only one key), or what we call secret-key encryption. 

NOTE
Users need to have the integration access to get the Secret Key. 

Quixy uses simple token-based authentication. To generate or manage your API key, go to My Profile -> Integrations Tab in your Quixy account. Your API key carries the same privileges as your user account, so be sure to keep it secret! 

You can authenticate the API by providing your API key in the HTTP authorization bearer token header. Alternatively, a slightly lower-security approach is to provide your API key with the api_key query parameter. 

All API requests must be authenticated and made over HTTPS.

CAUTION
The bearer token expires automatically every 10 minutes, you need to generate a new bearer token every time it expires.
NOTE
The data access when pushing or pulling the data is limited to the respective user roles, one without admin access cannot see the whole data which only admin have access to.
Best Practice for Organizational Admins:
For all the integrations that need to be performed by an end-user (may there can be a person who does all the integrations), please maintain a universal Quixy end-user account which has Integration Access that can be accessible by anyone. This will eliminate the FOMO.

How to use the Secret Key? 

The secret key in Quixy is used to generate a Bearer Token which is further used to call/consume an API. In Quixy, the API can be a Webhook API (Push data into Quixy) or Report API (Pull data from Quixy) 

  1. First, let us see how to generate a bearer token. 
  2. Next, use the bearer token to call an API (Report API / Webhook API).

Generate Bearer Token (Experience in POSTMAN)

To generate a Bearer Token in Postman is easy and needs collaboration of Quixy platform for API details and Postman to run the API and generate bearer token. Refer to the GIF below to understand the process.

Postman Token Generation GIF 



Was this article helpful?