May 28th, 2018

Project Only API Keys

API keys are used to grant access and allow actions to be performed using the Packet API. Until now, using a personal API key was the only way to communicate with Packet's API.

Embedding personal access token into your program is universally frowned upon, however, as a particular user's access level could change over time. For instance, if that user is granted access to additional projects or organizations, the embedded API key would gain additional privileges. Or, if the user leaves your company and you disable that user's account, your integrations could break because their API keys are still embedded in your program.

In many cases, system or "bot" accounts simply need access to a single project to perform the necessary actions. For this reason, we now have the ability for you to create API keys that are associated with a single project. These API keys are sandboxed to one project, so you can safely create API keys for "development" and "production", and never worry that one key will be able to create/delete devices in the other.

Like personal API keys, you can create per-project API keys with read/write or read-only permissions, and you can manage these API keys in the Project Settings area in the client portal.

As always, feel free to email us if you have any questions. For more information about our API, read our documentation