Deployments: loading...

API Access Keys

What are Keys?

Keys are used for managing security role access to services on

You can create new keys to allow third-party services or users to access restricted services like private hooks, the datastore, or logs.

A common use-case would be creating a private hook service which is only accessible to clients who can provide a generated access key which has the role hook::run

A full listing of security access roles is available at /roles

What are Roles?

When creating a new access key, you must specify a set of roles associated with that key.

These roles determine what the new access key has permission to do.

Generating New Keys

To create new security access keys, simply login and use the form at the bottom of this page.

Role Checks

What are role Checks?

Role checks are used to determine if an incoming HTTP request has authorization to access the requested resource. offers several integrated roles and custom roles that may be associated with a generated Access Key.

Private Services

Accessing a role restricted service with a key is easy!

All you have to do is supply the generated hook_private_key variable as a HTTP request parameter ( URL GET Query Data / POST Form Data / JSON RPC / etc ) and that HTTP client request will be granted the roles associated with that private key.

For convenience, we've pre-generated an admin-access key for every account. You can use the generated hook_private_key for admin-access to access any of your private services from a third-party source. You can also simply delete your admin-access key and create a new key with custom roles.

Remember: All service level events on are available as roles, allowing granular access control.

Custom Role Checks

It'a also possible to add a custom role value when creating an Access Key. You may perform a custom role checks using any string value one of two ways.

Using the keys.checkAccess HTTP API method ( available in SDK)

Inside a Hook service as:

module['exports'] = function checkAccess (hook) {
  hook.req.checkAccess('hook::run', function(err, h){

This will be scoped to the current user session or hook_private_key HTTP parameter