Skip to main content

API Key authentication

To get started with the MindKey Connector API, you'll need to obtain an API key, which serves as the authentication mechanism. Follow the steps below to get your API key and access the API.

Obtaining an API Key

You can obtain an API key through the MindKey application's administrative panel. Here's how:

  1. Log in to MindKey.
  2. Navigate to the Administration section.
  3. Select Integration in the menu.
  4. Choose Connector Access Control to manage your API keys.
  5. Click on the option to create a new API key.
  6. You can provide a name and scopes for the API key to help identify its purpose.
  7. The API key will be generated.
  8. Ensure that you securely store the API key as it won't be retrievable after generation.

API Key Expiration

Please note that API keys generated for the MindKey Connector API have an expiration period. They will be valid for 365 days. It's important to keep track of the expiration date to prevent service interruptions.

Using the API Key

To authenticate your requests with the MindKey Connector API, you need to include your API key in the HTTP Authorization header using the scheme ApiKey-v2. Here's an example of how to include the API key in your requests:

GET /ping HTTP/1.1
Host: connector.mindkey.com
Authorization: ApiKey-v2 YOUR_API_KEY

Key Rotation

API keys expire after 365 days. To avoid service interruptions, plan to rotate keys before they expire:

  1. Create a new API key with the same scopes as the expiring key.
  2. Update your integration to use the new key.
  3. Verify that the integration works with the new key.
  4. Revoke the old key.
warning

An expired API key will result in 401 Unauthorized responses. There is no grace period after expiration.

Revoking API Keys

If you need to revoke an API key for security or other reasons, you can do so in the same place where they are created, under the Connector Access Control section. Simply click on the revoke button of the API key you wish to revoke.

Last-Used Tracking

The MindKey Connector API automatically records the last time each API key was used. This information is visible in the Connector Access Control panel alongside each key. You can use this to:

  • Identify unused or dormant API keys that can be safely revoked.
  • Verify that a newly rotated key is being used by your integration.
  • Audit API key usage across your organization.

Last-used timestamps are updated periodically (approximately every 5 minutes) rather than on every request.

With your API key in hand and knowledge of the API base URL, you're ready to start making requests to the MindKey Connector API.