Skip to the content

Automating API Key Management

One of the ways to authenticate to our range of data validation APIs is to use an API Key. They provide a simple, convenient way of adding data validation to server- or client-side apps with minimal coding.

If you use it on a website, in order to keep your key secure one of the steps we take is to ensure it's only being used from a website you've specifically allowed. You can do this easily from the API Key page.

However, if you've got a large number of domains, managing this manually becomes time consuming and error prone, so you can now automate this process using our management API.


Unlike our data validation APIs, which you can authenticate to using either username & password, API key or JWT, our management API requires the use of OAuth client credentials. You can generate a client ID and secret from the Security Settings page of our dashboard.

Once you have a client ID and secret you can authenticate to our API using the programming library of your choice. For testing purposes you can also browse to and click the "Authorize" button in the top right and enter your details.

Creating an API Key

If you don't already have one, you can create a new API key by making a POST request to the /ApiKey endpoint, e.g.

POST /ApiKey
Content-Type: application/json

  "description": "My new API key"

This will generate and return the details of the new key, e.g.

200 OK
Content-Type: application/json

  "key": "ABCD-1234-EFGH-5678",

Adding allowed domains

Once you have your key, you can authorise it to be used from new domains by making a PUT request to the /ApiKey/{key}/allowedDomains/{domain} endpoint, e.g.

PUT /ApiKey/ABCD-1234-EFGH-5678/allowedDomains/

You can now use your key on the newly authorised domain.

Next Steps

Find out more about how Data8 can help you

About the author

Mark Carrington

Mark Carrington

Mark Carrington is the Chief Technologist at data8 and lives and breathes everything to do with data and Dynamics