# External API access policy

External API access is a security standard used for API calls, allowing pipelines to be safely accessed over the Internet via HTTP.

You can choose between 3 options for each environment, as described below:

* **Required use of API Key only:** all pipelines that use a trigger that exposes your pipeline to external calls must use a key. You can activate this option when configuring a trigger.
* **Required use of JWT with API Key:** all pipelines that use a trigger that exposes your pipeline to external calls must use a JWT token and also an API Key.
* **Any type of authentication allowed:** this option allows the developer to choose the type of authentication, but no specific authentication is required. We strongly recommend that you use at least one of the two options above.

In the image below, you can see how the alternatives are displayed and choose one for each environment.

<figure><img src="/files/4zrFxPX6OE1Oow0SYdO1" alt=""><figcaption></figcaption></figure>

## How it works

Once your External API access policy is configured, each new pipeline must follow the rules according to your definitions. If a developer forgets to apply your policy, they will be reminded during the deployment phase. In other words, it isn't possible to deploy the pipeline until they have resolved the issues.

[If you want to learn more about the concepts, refer to the Policies article.](/documentation/developer-guide/platform-administration/governance/policies.md)

To enable your **API Key** or **JWT Token** in your pipeline trigger, activate the toggle as shown in the image below:

<figure><img src="/files/JueXtZrnpwiluYCXMPUv" alt=""><figcaption></figcaption></figure>

## Creating your API Key

Now that you have your policy, and also a pipeline configured to use an API Key, you can create a new API Key or make use of an existing one by accessing the **Consumers (API Keys)** page under the **Settings** menu.

After you create your API Key, don't forget to associate it with your pipeline on both environments.

[Read more in the Consumers (API Keys) documentation.](/documentation/developer-guide/platform-administration/settings/api-keys-consumers.md)

## Creating your JWT Token

Once you decide to make use of **JSON Web Tokens**, it will be necessary to create a second pipeline that will serve as your login flow. The login flow is used to generate your JWT, so that can be used in your API calls.

[Please refer to the Digibee JWT (Generate and Decode) implementation if you want to learn more about it](/documentation/connectors-and-triggers/connectors/security/digibee-jwt/digibee-jwt-implementation.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.digibee.com/documentation/developer-guide/platform-administration/governance/policies/security/external-api-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.