Generating API Keys

Overview

The API Key feature allows you to manage API key generation via the user interface in the Settings. It supports Basic, HMAC, and Partner API key generation.

Permissions

The API Key permission controls access to the API Key page.

  • N/A prevents users from accessing the page.

  • Read allows users to view the existing configuration.

  • Write allows users to create new API keys.

Limits

API key limit for Client, HMAC User, or HMAC client is set to Default, up to 10 but can be custom configured between 1 to 50 per customer requirement. API Key limits for Partners are always set to five keys per partner.

Customers will need to contact account managers to change the limit on the number of API keys they can generate.

Generate API Keys

In Control Center, navigate to Settings > API Keys. Click Generate Key to generate API keys based on requirements.

Four different types of API keys can be generated:

Client API Key

Client API keys allow customers to connect their third-party apps and service to the reward program. Customers can generate public keys using Client API. For more information, see Oracle CrowdTwist APIs.

Client HMAC Key

HMAC (hash-based message authentication code) is used to verify that a request is coming from an expected source and that the request has not been tampered with in transit. Customers can achieve this by generating HMAC Client keys that include both public and private keys in each message, the latter of which is only known to the server and client. For more information, see API HMAC Authentication.

User HMAC Key

The CrowdTwist end-user mobile authentication process provides an HMAC-enabled authentication endpoint that returns a user session token and key that must be included in all subsequent API calls. Customers can generate the API keys for mobile authentication using the HMAC user key, including public and private keys. For more information, see API Mobile Authentication.

Partner API Key

Partner API Key allows customers to access custom activities for the partners. A default API key is generated during partner creation, and a maximum of 5 keys can be generated for each partner. For more information, see Partners.

Note:
• API key names must be unique.
• Customers can view the entire API key for 20 seconds by clicking the eye icon.
• API Keys once deleted cannot be retrieved.