API Key Authentication
Using an API key is a way outside of the OAuth. flow to gain access to the Salesloft Public API. API Keys can be used to access the API on behalf of the issuing user.
Provisioning an API Key
You can create apps via your Salesloft Account →Your Applications →API Keys → Create New.
Input a descriptive name that will help you identify your key and click Submit. The next screen will show your assigned key.
Our API Keys take the form "ak" followed by a 64 character hexadecimal string:
ak_de656ec86bcab24878c24ff4d86758f8963d8ea6bcd4e90f8fae846ba8f9ac62
You can go to Salesloft Account →Your Applications →API Keys to see all of the keys associated with your user.
Protecting an API Key
API Keys function like logins, so keep them protected and never use them in publicly accessible code, like front end applications.
Protecting an API Key is extremely important for reasons such as:
- Unauthorized API requests: if someone has your API Key they can impersonate and make requests or delete your information without your knowledge or permission
In order to protect you and your organization here are some things to keep in mind:
- Never use or hard code them in publicly accessible code, like front end applications.
- Use environment variables(env) or .gitignore file to store your API keys
- Consider using a key management service
Revoking an API Key
You can go to Salesloft Account →Your Applications →API Keys to see all of the keys associated with your user and choose the one that you want to revoke/delete.
Authorizing Requests
All requests that go to the Salesloft API using API Keys will need to follow the HTTP Authorization Header format below:
Authorization: Bearer YOUR_API_KEY