Crunch allows you to use API keys, which provides enhanced security protection to your account. The following provides a brief description of how API keys work and how you can use the Crunch UI to manage them.
How API Keys work
You may already know about how passwords work, which are issued to SSO users so that they can authenticate directly to the API. But passwords can create a security loophole because even when SSO is removed, a password still enables a user to access the API.
With an API key, you have the ability to give SSO users a key that allows them to access the Crunch API without having to issue a password. Previously, a time-based session token was used to grant access to the API, but those are no longer needed when using an API Key (session tokens will be disabled in the future). You are then able to store the API key as an environment variable within your application. See below for more information.
Managing API keys
- Log into the Crunch UI.
- Click the vertical three dots on the upper right and select 'User Settings' in the panel that appears.
- Click the 'Create API key' link to create a new key.
- Click the icon on the right to copy the key.
- To delete and reset an API key, click the 'Reset API key' link:
- The following prompt appears:
- Click Cancel to retain your existing key or Reset to create a new key.