Internal API access policy
Learn more about the Internal API access policy on the Digibee Integration Platform.
Last updated
Learn more about the Internal API access policy on the Digibee Integration Platform.
Last updated
Internal API access is a security standard used for API calls, allowing pipelines to be safely accessed..
You can choose between 3 options for each environment, as described below:
Required use of API Key only: all pipelines that use a trigger that exposes your pipeline to external calls must use a key. You can activate this option when configuring a trigger.
Required use of JWT with API Key: all pipelines that use a trigger that exposes your pipeline to external calls must use a JWT token and also an API Key.
Any type of authentication allowed: this option allows the developer to choose the type of authentication, but no specific authentication is required. We strongly recommend that you use at least one of the two options above.
In the image below, you can see how the alternatives are displayed and choose one for each environment.
Once your Internal API access policy is configured, each new pipeline must follow the rules according to your definitions. If a developer forgets to apply your policy, they will be reminded during the deployment phase. In other words, it isn't possible to deploy the pipeline, until they have resolved the issues.
If you want to learn more about the concepts, refer to the Policies article.
To enable your API Key or JWT Token in your pipeline trigger, activate the toggle as shown in the image below:
Now that you have your policy, and also a pipeline configured to use an API Key, you can create a new API Key or make use of an existing one by accessing the Consumers (API Keys) page under the Settings menu.
After you create your API Key, don't forget to associate it with your pipeline on both environments.
Read more in the Consumers (API Keys) documentation.
Once you decide to make use of JSON Web Tokens, it will be necessary to create a second pipeline that will serve as your login flow. The login flow is used to generate your JWT, so that can be used in your API calls.
