API Keys¶
API keys allow programmatic access to the Energy Substantiation platform.
Creating an API Key¶
- Log into the platform
- Navigate to Settings > API Keys
- Click "Create New Key"
- Copy the key immediately (it won't be shown again)
Security
Store your API key securely. Never share it or commit it to source control.
Using an API Key¶
Include the API key in the Authorization header:
Example request:
Key Permissions¶
API keys inherit permissions from the user who created them:
| User Permission | API Key Capabilities |
|---|---|
| Admin | Full API access |
| Admin Supplier | Orders, suppliers, positions |
| Trader | All order types, positions |
| Trader Buyer | Mint/burn orders, positions |
| Trader Supplier | Offer/buy-back orders, positions |
| Viewer | Read-only access |
Managing Keys¶
Viewing Keys¶
Navigate to Settings > API Keys to see:
- List of active keys
- Creation date
- Last used date
Revoking Keys¶
To revoke a key:
- Navigate to Settings > API Keys
- Find the key in the list
- Click "Revoke"
Revoked keys stop working immediately.
Best Practices¶
- Rotate keys regularly - Create new keys and revoke old ones periodically
- Use separate keys - Create different keys for different applications
- Limit permissions - Use the minimum role needed for each use case
- Monitor usage - Check "last used" dates for unusual activity
Next Steps¶
- Permissions - Understanding access levels
- Organizations - Managing accounts