Managing Your API Keys
Our API Keys page covers the basics of how API keys are used in Gainly. This page provides details on managing your API keys.
Create new API keys
When your account is provisioned, you'll automatically get a Test API key and a Live API key. In addition, you can create new API keys up to a maximum limit.
Follow these steps to create a new API key:
Prerequisites
You're logged in to your Gainly Dashboard.
- Click API Keys in the left sidebar.
- Click one of these buttons:
  - Create Test API Key button under Test API Keys.
  - Create Live API Key button under Live API Keys.
- Follow on-screen prompts to create a new API key.
Maximum API keys allowed
Mode | Maximum API keys allowed |
---|---|
Live | 2 live API keys |
Test | 5 test API keys |
Live API Keys
Only users with the Admin role can access live API keys.
Your account can have a maximum of two (2) live API keys active at any time.
Why two keys?
- Primary Key: Your main key for production use.
- Secondary Key: Serves as a backup or for key rotation purposes.
This limit is designed to balance security and flexibility:
- Enhanced Security: Fewer active keys reduce potential vulnerabilities.
- Key Rotation: Two keys allow for smooth transitions during key rotations without service interruption.
- Backup Access: If one key is compromised, you have a second key for immediate use.
- Simplified Management: Easier to track and secure a limited number of keys.
If you require additional keys for your use case, please contact us to discuss your needs.
Best practices
- Only share your API keys with those who have a need to know.
- Store the keys in a secret management service or password manager.
- Do not commit the keys into Git or other version control systems.
- Do not include the keys in client-side code (such as JavaScript SPAs or mobile apps).
- Regularly rotate your API keys (we recommend every 60-90 days).
- Use a descriptive name for your key to easily identify its purpose, and use notes for additional information about the key.
Test API keys
Since test API keys do not pose the same level of security risk, we allow up to five (5) test API keys.
Please note that test API keys incur the same API costs as live keys, i.e. the test mode is not free. As a result, please follow the best practices listed above for your test API keys as well.
Expire an API key
Set an expiry date and time (in UTC) to expire the key at that time.
Follow these steps to expire an API key:
Prerequisites
You're logged in to your Gainly Dashboard.
- Click API Keys in the left sidebar.
- In the row corresponding to the desired API key, click the ... icon.
- In the resulting menu, select Expire Key.
- Follow on-screen prompts to define an expiry date/time for this key.
Info
API requests using this key will keep working until the defined expiry date/time.
Revoke an API key
Revoke an API key to immediately disable it.
Follow these steps to revoke an API key:
Prerequisites
You're logged in to your Gainly Dashboard.
- Click API Keys in the left sidebar.
- In the row corresponding to the desired API key, click the ... icon.
- In the resulting menu, select Revoke Key.
- Follow on-screen prompts to revoke the key.
Info
All API requests using this key will immediately start failing, and will return 401 errors.
IP address restrictions
You can define IP address restrictions for an API key, allowing only requests from specified IP addresses/ranges.
Multiple IP restrictions can be set for an API key, each defined by:
- IP address
- Optional CIDR
Follow these steps to define IP restrictions for an API key:
Prerequisites
You're logged in to your Gainly Dashboard.
- Click API Keys in the left sidebar.
- In the row corresponding to the desired API key, click the ... icon.
- In the resulting menu, select Manage IP Restrictions.
- Follow on-screen prompts to define IP address restrictions for this key.
Info
API requests using this key from all other IP addresses will fail, and will return 403 errors.
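A pre-flight check for the IP restrictions described above, as an added example (not Gainly's code): it uses Python's standard `ipaddress` module to confirm that each of your servers' outbound IPs would be allowed, and to catch mistyped entries, before you save the restrictions and requests start returning 403. The sample addresses and function names are constructed for illustration, and treating an entry with no CIDR as a single address is an assumption.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real hosts.
# Each restriction is (IP address, optional CIDR prefix length).
RESTRICTIONS = [
    ("203.0.113.10", None),   # single address
    ("198.51.100.0", 24),     # IPv4 range
    ("2001:db8::", 32),       # IPv6 range
    ("198.51.100.7", 24),     # typo: host bits set for a /24
]
EGRESS_IPS = ["203.0.113.10", "198.51.100.77", "192.0.2.5", "2001:db8:1::9"]


def to_network(ip, cidr=None):
    """Convert one (IP address, optional CIDR) entry into a network object.

    Assumption: an entry without a CIDR matches exactly that one address.
    """
    addr = ipaddress.ip_address(ip)
    prefix = addr.max_prefixlen if cidr is None else int(cidr)
    # strict=True rejects entries whose host bits are set, which usually
    # means the address or the prefix length was mistyped.
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=True)


def is_allowed(source_ip, networks):
    """True if source_ip falls inside at least one allowed network."""
    src = ipaddress.ip_address(source_ip)
    return any(src.version == net.version and src in net for net in networks)


def audit(restrictions, egress_ips):
    """Return (egress IPs that would be blocked, malformed entries)."""
    networks, rejected = [], []
    for ip, cidr in restrictions:
        try:
            networks.append(to_network(ip, cidr))
        except ValueError as exc:
            rejected.append((ip, cidr, str(exc)))
    blocked = [ip for ip in egress_ips if not is_allowed(ip, networks)]
    return blocked, rejected


if __name__ == "__main__":
    blocked, rejected = audit(RESTRICTIONS, EGRESS_IPS)
    for ip in blocked:
        print(f"would be blocked: {ip}")
    for ip, cidr, reason in rejected:
        print(f"malformed entry {ip}/{cidr}: {reason}")
```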