Skip to content

API Keys Management

TrueWatch supports retrieving and updating data in the workspace by calling Open API interfaces. Before calling the API interfaces, you need to create an API Key as an identity authentication credential.

API Key is the core credential for accessing the TrueWatch Open API. It authenticates identity through the DF-API-KEY field in the request header and determines the workspace to which the request belongs.

For a detailed list of Open API interfaces, refer to Open API.

Prerequisites

  • You need to have Administrator or Owner permissions for the TrueWatch workspace to create and manage API Keys.
  • Understand the permission scope required by the API interface you need to call to configure the role correctly.

Create API Key

Steps

  1. Enter the TrueWatch workspace, click Manage > API Key Management in the left navigation bar.
  2. Click the Create Key button in the upper right corner.

  3. Configure the following information in the pop-up dialog:

    • Name: Set an easily identifiable name for the API Key, maximum length 50 characters.
    • Role: Select the role associated with this API Key, which determines its permission scope.

  4. Confirm.

Role and Permission Rules

1. Owner-level API Key Special Restrictions

  • Only visible to the Owner account, and only 1 can be created.
  • After creation, it is displayed by default at the top of the list.
  • Completely invisible to other roles (including Administrator).

2. Multi-role Permission Merging

  • If multiple roles are selected for an API Key, the final permissions will be the union (combined set) of the selected roles' permissions.
  • It is recommended to follow the principle of least privilege and only select necessary roles.

Obtain and Use API Key

After successful creation, on the API Key list page, click to enter the API Key details. The system displays the following information:

  • Key ID: The unique identifier of the API Key.
  • Key (Secret): The authentication credential used for API requests.

In addition, you can modify the name and role of the current API Key as needed:

Obtain

API Authentication Method

All Open API requests are authenticated via HTTP Header.