Search API Keys🔗

Public Endpoints🔗

Access to public endpoints is secured by providing a currently valid API key in the apikey header.

Generate🔗

POST /keys/search/{env}/generate

Generates a new key for the environment env and makes it the 'current' key, returning the generated key. If a 'current' key already exists for this environment, it is copied to a 'backup_$UNIX_TIMESTAMP' key with an optional expiry timestamp.

To specify the backup expiry use the parameter backup_expiry as the number of days for backup expiry, 0 for no backup expiry, or -1 to not backup the current key.

If a new key is generated in order to replace a compromised key it is adviced to use a very short value for the backup_expiry, just enough to replace the compromised key with the new key in your application.

eg, to specify an expiry of 60 days:

{
    "backup_expiry": 60
}

This endpoint must be called with a content type of application/json.

Authorisation is performed by validating the key supplied in the apikey header against valid keys for the environment.

Delete🔗

DELETE /keys/search/{env}

Deletes any existing backup key for the environment. For use if the customer's backup key is compromised but there is no need to generate a new 'current' key.

Authorisation is performed by validating the key supplied in the apikey header against valid keys for the environment.

Validate🔗

GET /keys/search/{env}/validate

This endpoint is used to validate the key supplied in the apikey header. The response is a JSON object with a value of true or false for valid and, if appropriate, the epoch timestamp for the key's expiry.

Eg:

{
    "valid": true,
    "expiry": 1738322713
}