Create and Manage API Keys
This guide walks you through creating an API key in Vidos and configuring appropriate permissions for your applications and services.
Prerequisites
- A Vidos account with administrator access
- Access to the Vidos dashboard
- Specific service requirements identified for your application
Create an API Key
API keys enable your applications to authenticate with Vidos services securely. Follow these steps to create a new API key:
- Navigate to API Keys page in the Access Management section.
- Click the "Create Key" button.
- Enter a descriptive name for your key that indicates its purpose (for example, "App-Resolution-Key" or "Testing-Resolver-Access").
- Click "Create" to generate your API key.
- Copy the displayed API key and store it securely—this is your only opportunity to see the full key.
[!IMPORTANT] After creation, the API key is not visible again, even partially. Make sure to copy the full key immediately and store it in a secure location.
Configure Permissions
After creating your API key, you need to configure appropriate permissions by attaching policies:
- From the API Keys page, locate your newly created key.
- Click on the key name to access its details page.
- In the details page, locate the "Policies" section.
- For each policy you want to attach:
- Check the checkbox next to the policy name (for example,
Access to the resolver service).
- Check the checkbox next to the policy name (for example,
- To detach a policy, uncheck the checkbox next to the policy name.
- Policy changes are applied immediately when you check or uncheck a box.
Available Service Policies
Select policies based on the services your application needs to access:
| Policy Name | Description | Use Case |
|---|---|---|
resolver.read | Grants read-only access to the resolver service | Applications that need to resolve identifiers |
verifier.read | Grants read-only access to the verifier service | Applications that verify credentials |
validator.read | Grants read-only access to the validator service | Applications that validate data formats |
authorizer.read | Grants read-only access to the authorizer service | Applications that check permissions |
gateway.access | Grants access to the API gateway | Required for most applications |
Security Best Practices
Your API key is a security credential. Follow these best practices:
- Never share API keys in public repositories or forums
- Don't embed keys directly in client-side code
- Use environment variables or secure secret storage in production
- Rotate keys periodically following security best practices
- Create separate keys for different environments (development, testing, production)
- Limit permissions to only what each application needs
- Monitor API key usage for unusual patterns
Troubleshooting
| Issue | Solution |
|---|---|
| "Invalid API key" error | Verify the key is copied correctly and hasn't been revoked |
| "Insufficient permissions" error | Check if the key has the correct policy assigned |
| Key not working in production | Ensure environment variables are correctly set |
| Unable to revoke a key | Verify you have admin permissions in the account |
Related Resources
ON THIS PAGE