Communicating with the Fusebit APIs requires an Access Key to securely identify who you are, and protect your Integrations and Connectors. You can obtain a Key from the Fusebit Management Portal.
Go to the detail page for the Integration you created earlier and tap on the Connect button under Your Application.
On the next screen, you will be presented with your Key.
Be sure to take note of the following values as they will be used later on.
- Key: it will only be displayed once for security reasons.
- Integration Base URL: the root URL of your Integration's management endpoint
Access Keys are powerful authorization secrets that grant access to your Fusebit account. They do not expire, so store them securely.
This dialog also enables you to name the Key, so you can easily remember which system or application is invoking Fusebit using this Key.
Given that Access Keys are long-lived and provide access to your account in Fusebit, they should be handled with care. Here are some best practices around managing them:
- Generate a unique Key for each isolated application or system that needs to call Fusebit
- Give each Key a descriptive name to make it easy to track which application or system the key is meant to be used by
- Remember that you can always delete a Key in the Your Application area of an Integration if you suspect it may have been compromised
- You can implement an outage-free rollover from an old Key by generating a new one for the same system, and leaving both old and new Keys active for a brief window until all of your systems are migrated off the old Key.
In some security scenarios, it is desirable to automatically roll Keys at a regular interval or use short-lived Access Tokens instead to minimize the chances of a credential being compromised. Fusebit supports these scenarios, please contact support for help on configuring them.
Now that you have obtained an Access Key, you will use that Key in subsequent steps.
Updated 5 months ago