API keys for Feedback

Programmatic credentials for Feedback API

For machine-to-machine communication, you can create API keypairs for your Feedback account or environment from the Feedback Web UI's Administration section. These keys can then be exchanged into access tokens using the Authorization Server's token -endpoint with Client Credentials Grant.

Keys created are owned by the Feedback account or environment they were created for and cease to exist at the latest if their owning environment or account is closed.

You can generate both account and environment-specific API keypairs from the Feedback Web UI, using Administration -> Access management -> API management page.

In order to see API access management for an account, your user account needs to have full administrator permissions for that Feedback account. In order to see API access management for an environment, your user account needs to have full administrator permissions for the Feedback environment, either explicitly or inherited from an account owning the environment.

You can also individually enable or disable specific keypair, to temporarily prevent access to the API data using those credentials, add a comment describing the key's purpose and edit the scopes that a key can request when getting an access token.

If the given API keypair is no longer needed or in use, you can also remove it completely.

❗️

Removing API keypair is an irreversible operation

Once removed, a keypair cannot be recovered and used again, and all clients using that keypair will cease to be able to access data from the API unless a new set of credentials is used instead.

🚧

Mind the security in handling API keys

API keypairs should be considered security-sensitive information as they potentially will allow full administrative access to a given environment by any party holding the credentials.

For this reason, only administrators can see and generate API keypairs in the Feedback Web UI, and you should guard access to the generated credentials.