API Keys
An API key is a simple encrypted string that you can use when calling LogicalDOC APIs.
Each user can generate multiple API keys, and each one can be used by an external application to connect to LogicalDOC in the name of that user. This is more secure compared to using the user's credentials directly, and since release 9.0 the legacy credentials authentication has been deprecated in favor of the new API Key authentication.
Creating an API key
Open the menu Account > Security > API Keys.
Here click on Create new API Key, You will be asked to give a name to the new key, so type the name and confirm.
Immediately copy the code in a secure place because you won't be able to see it again.
You can then put this generated key into your application so it will be able to connect to LogicalDOC
Securing an API key
When you use API keys in your applications, ensure that they are kept secure during both storage and transmission. Publicly exposing your credentials can result in your account being compromised, which could lead to unexpected charges on your account. To help keep your API keys secure, follow these best practices:
Do not embed API keys directly in code. API keys that are embedded in code can be accidentally exposed to the public. For example, you may forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables or in files outside your application's source tree.
Do not share the same API key among more applications, for instance do not use the same key for the Office addins but create an API key for the Office Addin and a different key for the Outlook Addin.
Delete unneeded API keys to minimize exposure to attacks.
Review your code before publicly releasing it. Ensure that your code does not contain API keys or any other private information before you make your code publicly available.