Obtaining an Access Key

Communicating with the Fusebit APIs requires an Access KeyAccess Key - A long-lived key that you can use to invoke the Fusebit API. Simply provide the key as a bearer token in a the Authorization header of a request, as in `Authorization: Bearer {your-key}`. This key should be kept private and not shared, but can be revoked if necessary. to securely identify who you are, and protect your IntegrationIntegration - An integration is the place the you write your code to get things done! Written in NodeJS, an integration runs in Fusebit's secure and scalable environment to translate between the needs of your backend application and the remote service or services you're connecting to.s and ConnectorConnector - A connector is the package from Fusebit that manages the relationship between one or more integrations and a specific service. One of the most common types of connector is an OAuth connector, which takes care of the OAuth negotiation between your customers and the service you're integrating, so that you don't have to!s. You can obtain a Key from the Fusebit Management PortalFusebit Management Portal - The Fusebit Management Portal enables you to easily setup and manage all your integrations in one place. Link: https://manage.fusebit.io.

Obtaining an Access Key

Go to the detail page for the Integration you created earlier and tap on the Connect button under Your Application.

On the next screen, you will be presented with your Key.

Be sure to take note of the following values as they will be used later on.

  • Key: it will only be displayed once for security reasons.
  • Integration Base URL: the root URL of your Integration's management endpoint

❗️

Access Keys are powerful authorization secrets that grant access to your Fusebit account. They do not expire, so store them securely.

This dialog also enables you to name the Key, so you can easily remember which system or application is invoking Fusebit using this Key.

Access Key Management

Given that Access Keys are long-lived and provide access to your account in Fusebit, they should be handled with care. Here are some best practices around managing them:

  • Generate a unique Key for each isolated application or system that needs to call Fusebit
  • Give each Key a descriptive name to make it easy to track which application or system the key is meant to be used by
  • Remember that you can always delete a Key in the Your Application area of an Integration if you suspect it may have been compromised
  • You can implement an outage-free rollover from an old Key by generating a new one for the same system, and leaving both old and new Keys active for a brief window until all of your systems are migrated off the old Key.

📘

In some security scenarios, it is desirable to automatically roll Keys at a regular interval or use short-lived Access Tokens instead to minimize the chances of a credential being compromised. Fusebit supports these scenarios, please contact support for help on configuring them.

Conclusion

Now that you have obtained an Access Key, you will use that Key in subsequent steps.


Did this page help you?