website logo
⌘K
Explore our documentation
Contact APIANT support
What is APIANT?
Automation Editor
Key Concepts
Account Management
Managing Automations
App Connections
Building Automations
Alert Mappings
Troubleshooting
CRMConnect: Mindbody → HubSpot
ShopConnect
Manually pushing Mindbody orders to Shopify
Retrying orders from Shopify → Mindbody
Settings
Sync Products
Automation Alert Reports
Linked Accounts
ZoomConnect
New features in version 4
Settings
General
Email & SMS
BOTs
MINDBODY
Zoom
Troubleshooting
Assembly Editor
Key Concepts
Account Management
API Key Management
Managing Content
Building Assemblies
API Integrations
Other Assembly Types
Keyvalue Storage
Assembly development cycle
APIANT for Integrators
Help Forum
Automation Templates
Development Server
Module IDE
Shared App Connections
Tenants and Linked Accounts
APIANT Inline
Supported functionality
Embed Inline
Sandbox
Docs powered by archbee 

API Key Management

11min

The system provides a Keyvault which is encrypted storage in the system's database.

The Keyvault is most commonly used as a place to store API credentials, like API keys and OAuth client ids and secrets.

The root admin account

The system's root admin account is the one whose Keyvault should contain all needed API credentials for publicly used apps.

The root admin account's Keyvault is accessible via the Admin Console. Alternatively, if the root admin account is signed into the assembly editor, the keyvault option under the account menu can be used:

Document image


Developer accounts

In order to support API development on a single system where there could be independent developers who do not work for the same organization, each account also has its own Keyvault.

This is not a typical scenario. The most common scenario is that only the root "admin" account's Keyvault is used to store API keys and other sensitive information.

Developers may access their own Keyvaults from the assembly editor's account menu here:

Document image


Keyvault management

The Keyvault dialog provides functionality to add/edit/remove items and to export/import all items in the Keyvault:

Document image


To edit an item, double-click an item in the list:

Document image


It's a good idea to use the description field to fully document how to obtain the API key or piece of information.

Accessing Keyvault values in assemblies

The Utility - Keyvault Value module is used to fetch a saved value from the Keyvault.

The most common use of the Keyvault is to store needed API credentials like OAuth client ids and secrets needed for app connection assemblies:

Document image


For extra safety, configure the Utility - Keyvault Value modules to protect their output data. See Protecting output data.

The module has a dropdown pick list to configure which account's Keyvault should be used when the assembly is executed outside of the assembly editor:

Document image


The "author" is the account that first saved the assembly, or the account that has later taken ownership of it (see Taking ownership of an assembly).

The module enforces certain behaviors depending on this setting and also where the assembly is being executed as a way to protect access to API keys and other values stored in keyvaults, as well as to facilitate development in the assembly editor.

Executing the assembly in the assembly editor

When an assembly containing a Utility - Keyvault Value module is executed in the assembly editor, the following rules apply:

  1. If the server being used is a development server, the selected account's Keyvault is accessed.
  2. If your account has the "Assembly Administrator" permission or you have used the "Switch Account" functionality to switch accounts, then the selected account's Keyvault is accessed.
  3. Otherwise your account's Keyvault is accessed.

Executing the assembly outside of the assembly editor

When the assembly is executed outside of the Assembly Editor, the selected account's Keyvault is accessed.

For baseline assemblies the assembly author will be the root admin account, whose Keyvault is accessible in the Admin Console.

Updated 03 Mar 2023
Did this page help you?
Yes
No
PREVIOUS
Account Management
NEXT
Managing Content
Docs powered by archbee 
TABLE OF CONTENTS
The root admin account
Developer accounts
Keyvault management
Accessing Keyvault values in assemblies
Executing the assembly in the assembly editor
Executing the assembly outside of the assembly editor