Create API Key
This guide walks you through creating an API key in Vidos and configuring appropriate permissions for your applications and services.
Prerequisites
Section titled “Prerequisites”- A Vidos account with administrator access
- Access to the Vidos dashboard
- Specific service requirements identified for your application
Create an API Key
Section titled “Create an API Key”API keys enable your applications to authenticate with Vidos services securely. Follow these steps to create a new API key:
- Navigate to API Keys page in the Access Management section.
- Click the “Create Key” button.
- Enter a descriptive name for your key that indicates its purpose (for example, “App-Resolution-Key” or “Testing-Resolver-Access”).
- Click “Create” to generate your API key.
- Copy the displayed API key and store it securely—this is your only opportunity to see the full key.
[!IMPORTANT] After creation, the API key is not visible again, even partially. Make sure to copy the full key immediately and store it in a secure location.
Configure Permissions
Section titled “Configure Permissions”After creating your API key, you need to configure appropriate permissions by attaching policies:
- From the API Keys page, locate your newly created key.
- Click on the key name to access its details page.
- In the details page, locate the “Policies” section.
- For each policy you want to attach:
- Check the checkbox next to the policy name (for example,
Access to the resolver service).
- Check the checkbox next to the policy name (for example,
- To detach a policy, uncheck the checkbox next to the policy name.
- Policy changes are applied immediately when you check or uncheck a box.
Available Service Policies
Section titled “Available Service Policies”Select policies based on the services your application needs to access:
| Policy Name | Description | Use Case |
|---|---|---|
resolver.read | Grants read-only access to the resolver service | Applications that need to resolve identifiers |
verifier.read | Grants read-only access to the verifier service | Applications that verify credentials |
validator.read | Grants read-only access to the validator service | Applications that validate data formats |
authorizer.read | Grants read-only access to the authorizer service | Applications that check permissions |
gateway.access | Grants access to the API gateway | Required for most applications |
Security Best Practices
Section titled “Security Best Practices”Your API key is a security credential. Follow these best practices:
- Never share API keys in public repositories or forums
- Don’t embed keys directly in client-side code
- Use environment variables or secure secret storage in production
- Rotate keys periodically following security best practices
- Create separate keys for different environments (development, testing, production)
- Limit permissions to only what each application needs
- Monitor API key usage for unusual patterns
Troubleshooting
Section titled “Troubleshooting”| Issue | Solution |
|---|---|
| ”Invalid API key” error | Verify the key is copied correctly and hasn’t been revoked |
| ”Insufficient permissions” error | Check if the key has the correct policy assigned |
| Key not working in production | Ensure environment variables are correctly set |
| Unable to revoke a key | Verify you have admin permissions in the account |