Crunch allows you to use API keys, which provides enhanced security protection to your account. The following provides a brief description of how API keys work and how you can use the Crunch UI to manage them.
How API Keys work
You may already know about how passwords work, which are issued to SSO users so that they can authenticate directly to the API. But passwords can create a security loophole because even when SSO is removed, a password still enables a user to access the API.
With an API key, you have the ability to give SSO users a key that allows them to access the Crunch API without having to issue a password. Previously, a time-based session token was used to grant access to the API, but those are no longer needed when using an API Key (session tokens will be disabled in the future). You are then able to store the API key as an environment variable within your application. See below for more information.
Managing API keys
- Log into the Crunch UI.
- Click the vertical three dots on the upper right and select 'User Settings' in the panel that appears.
- Click the 'Create API key' link to create a new key.
- Click the icon on the right to copy the key.
- To delete and reset an API key, click the 'Reset API key' link:
- The following prompt appears:
- Click Cancel to retain your existing key or Reset to create a new key.
Using API Keys with cURL
Once you create and copy the API Key, you can use a cURL command to test it. For example:
$ curl GET https://app.crunch.io/api/teams/ -H 'Authorization: Bearer apk-0N5bn6uLOtxJITX37Ylqei0UWowEdAJp0pRbxSeIC9w='
{"element": "shoji:catalog", "self": "https://app.crunch.io/api/teams/", "description": "List of all the teams where the current user is member", "index": {}}%
The successful response shows you the team (which is blank in the above example) that the user belongs to.
If you use cURL for API requests, you can also create a ~/.curlrc file in which you can put a line -H "Authorization: Bearer <api_key> and it will add this to all your crunch API requests automatically.