Skip to content

API Key Management

In this article

Information

An API key is a convenient way to authorize API requests to Invapi and access a specific server's Control Panel independently from your control center and personal account.

To access the entire account or a specific server, generate an API access key in the personal area of the Invapi control panel. Follow these instructions to obtain it.

Obtaining an API key for the entire account

  1. Navigate to Invapi and click on Username >> API access keys.

  2. Click the Add new API-key button to create an API key.

    • To identify the key in the Name field, enter its name;
    • In the Restrict a new API key only for the server drop-down list, select whether the key will apply to the entire account (Any) or to a specific server;
    • Specify the IP addresses from which access will be allowed using this key in the IP ACL field, or leave it blank for unrestricted access.
    • Choose a method of notification for access to the account using this API key from the Set login notification method drop-down list. Options include:
      • None (no notification);
      • E-mail
      • Webhook - send login information via HTTP-call to your website.
    • If you select E-mail or Webhook, enter the corresponding e-mail or URL in the Notification address (email/URL) field.
    • To activate the key, check the Active checkbox;
    • To add a new API key, click the button labeled Add new API key.

    The API key will be displayed to you.

Attention

Be sure to copy and save the API key value as it will only be displayed once. Invapi stores only the hash value of the key, so if the original key is lost, it will need to be recreated.

Obtaining an API key for a specific server

  1. Go to Invapi;

  2. Please select the server for which you would like to access the external server control panel: My Servers >> You require a server;

  3. Generate an API key:

    • Navigate to the Info tab and choose the API keys option.
    • Click the Add new API-key button;

    • In the Name field, enter the name of the key to identify it;
    • Specify IP addresses only from which this key will be allowed access in the IP ACL field, or leave it blank for unrestricted access;
    • Check the Active box to activate the key;
    • Click Add new API key button.

    The API key will be displayed to you.

Attention

Be sure to copy and save the API key value as it will only be displayed once. Invapi stores only the hash value of the key, so if the original key is lost, it will need to be recreated.

Editing or deleting an API key

To edit or delete an API key, navigate to either your account or a specific server where it was generated and click on the desired key. In the window that appears, go to the General Info tab where you can:

  • change the key's name in the Name field;
  • set IP addresses from which calls using the key will be prohibited in the IP ACL field;
  • change or set the method of notification for logging in with this API key. This applies only to keys issued for the entire account and involves the notification address (email/URL) field;
  • enable or temporarily disable this feature using the Active checkbox.

Next, click the Save API key button to save your changes.

To delete an API key, click the Delete API key button.

Attention

The API key cannot be restored once it has been deleted.

Using an API key

The API key can be used in the following ways:

  1. To obtain a session token required for subsequent API requests to an account or server in Invapi, authorization is necessary. Authorization can be obtained via an API key for access to either the entire account or a specific server through the auth/login call, depending on the API key used. If authorization is successful and the key is found in the database, the system will return the session token $HOSTKEY_TOKEN.

  2. To access the Server Control Panel, which allows server access without logging into your Invapi Control Center account, and to embed it as a standalone module in your billing system to manage HOSTKEY servers, you must generate server-specific API keys.

API key usage information

In the Usage history tab, select a specific key for an account or server and click on it to view all logins made with this API key during a certain period. The output will include the email and IP address used for the login, its success status, as well as the date and time of the event.

Obtaining an API key without a web panel

An API key can be obtained without using the web control panel by utilizing the API methods for working with API keys. These methods can be executed from the command line or embedded into web solutions.