How to Create API Keys
Generate API keys to securely connect external systems like ERP, SCADA, or custom applications to Infodeck.
Quick Summary
Click the Settings gear in the sidebar, select API Keys, click Create API Key, name it, set permissions, and copy the secret immediately — it's shown only once.
Before You Begin
- Professional or Enterprise plan required
- You need api-keys:create permission
- Secure storage for the API secret
What Are API Keys?
API keys allow external systems to:
| Capability | Use Case |
|---|---|
| Read data | Export work orders to ERP |
| Write data | Create work orders from SCADA alerts |
| Automate workflows | Sync assets between systems |
| Build integrations | Custom applications |
Step-by-Step: Create an API Key
Step 1: Open API Key Settings
- Click the Settings gear icon in the sidebar (top-left)
- Select API Keys from the dropdown
- Click Create API Key
Step 2: Configure the Key
| Field | Required | Description |
|---|---|---|
| Name | Yes | Descriptive name (e.g., "ERP Integration") |
| Permissions | Optional | Limit what the key can access |
Step 3: Create and Copy Secret
- Click Create
- Immediately copy the secret key
- Store securely — it won't be shown again
The API secret is displayed only once at creation. If you lose it, you must revoke the key and create a new one.
Step 4: Secure Storage
Store the API key in:
- Environment variables
- Secrets manager (AWS, Azure, HashiCorp)
- Encrypted configuration files
Never store in:
- Source code repositories
- Plain text files
- Shared documents
Real-World Examples
Example 1: ERP Work Order Integration
Situation: Your SAP ERP needs to receive completed work orders for cost allocation.
Solution:
- Create API key:
- Name:
SAP ERP Integration - Permissions: Read work orders, Read assets
- Name:
- Copy secret and add to SAP configuration
- Configure SAP to poll Infodeck API:
GET /organizations/{orgId}/work-orders?status=Completed
Authorization: Bearer {api_key} - Process completed work orders in SAP
Result: Completed work orders automatically sync to ERP for financial tracking.
Example 2: SCADA Alert to Work Order
Situation: Your building management system (BMS/SCADA) should create work orders when equipment faults occur.
Solution:
- Create API key:
- Name:
SCADA BMS Integration - Permissions: Create work orders
- Name:
- Configure SCADA to POST on fault:
POST /organizations/{orgId}/work-orders
Authorization: Bearer {api_key}
Body: {
"title": "Equipment Fault - AHU-01",
"priority": "High",
"description": "Fault code F47 detected"
} - SCADA sends fault alerts automatically
Result: Equipment faults create maintenance work orders without manual intervention.
Example 3: Custom Mobile App
Situation: Field technicians use a custom mobile app and need to access work orders.
Solution:
- Create API key:
- Name:
Field Technician App - Permissions: Read/update work orders, Read assets
- Name:
- Integrate into mobile app backend
- App calls Infodeck API for:
- Fetch assigned work orders
- Update work order status
- View asset details
Result: Custom app provides tailored experience while Infodeck remains system of record.
Example 4: Data Warehouse Export
Situation: Business intelligence team needs historical data in their data warehouse for analytics.
Solution:
- Create API key:
- Name:
Data Warehouse ETL - Permissions: Read all data types
- Name:
- Configure ETL pipeline:
- Daily extraction at 2 AM
- Pull work orders, assets, IoT data
- Transform and load to warehouse
- Schedule automated sync
Result: BI team has access to historical Infodeck data for reports and dashboards.
Permission Scopes
Limit API key capabilities:
Available Scopes
| Scope | Description |
|---|---|
| work-orders:read | View work orders |
| work-orders:write | Create/update work orders |
| assets:read | View assets and IoT devices |
| assets:write | Create/update assets |
| locations:read | View locations |
| forms:read | View form submissions |
| iot:read | View IoT sensor data |
| users:read | View user information |
Scope Examples
| Use Case | Recommended Scopes |
|---|---|
| Read-only reporting | read scopes only |
| Create work orders | work-orders:write, assets:read |
| Full sync | All relevant scopes |
Managing API Keys
View All Keys
- Click Settings gear → API Keys
- See list of all keys with:
- Name
- Key prefix (first characters)
- Status
- Created date
- Last used
View Key Details
- Click on key name
- See permissions and usage stats
- Note: Secret is not shown
Revoke a Key
- Find the key in list
- Click Revoke or Delete
- Confirm revocation
- Key stops working immediately
Revoking a key immediately breaks any integrations using it. Ensure you have updated external systems before revoking.
API Usage Monitoring
Track API key usage:
| Metric | Description |
|---|---|
| Total Calls | Number of API requests |
| Success Rate | Percentage of successful calls |
| Last Used | Most recent API call |
| Errors | Failed requests count |
Rate Limits
| Plan | Rate Limit |
|---|---|
| Professional | 100 requests/minute |
| Enterprise | 500 requests/minute |
Exceeding limits returns 429 Too Many Requests.
Security Best Practices
Key Management
| Practice | Reason |
|---|---|
| Use descriptive names | Identify purpose quickly |
| One key per integration | Easier to revoke if compromised |
| Minimum permissions | Reduce risk surface |
| Regular rotation | Limit exposure window |
Rotation Schedule
| Environment | Rotation Frequency |
|---|---|
| Development | Every 90 days |
| Production | Every 30-90 days |
| After incident | Immediately |
Key Rotation Process
- Create new key with same permissions
- Update external system with new key
- Verify new key works
- Revoke old key
API Documentation
Full API reference available at:
- API Docs: docs.infodeck.io/api
- OpenAPI Spec: Available for download
- Postman Collection: Import for testing
Authentication
Include API key in request header:
Authorization: Bearer YOUR_API_KEY
Example Request
curl -X GET "https://api.infodeck.io/organizations/{orgId}/work-orders" \
-H "Authorization: Bearer sk_live_xxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Troubleshooting
Authentication Errors
| Error | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid or missing key | Check key is correct |
| 403 Forbidden | Insufficient permissions | Add required scopes |
| 429 Rate Limited | Too many requests | Implement backoff |
Key Not Working
| Issue | Cause | Solution |
|---|---|---|
| Just created | Propagation delay | Wait 1-2 minutes |
| Was working | Key revoked | Create new key |
| Wrong environment | Dev key in production | Use correct key |
Plan Requirements
| Feature | Professional | Enterprise |
|---|---|---|
| API Keys | ✅ | ✅ |
| Key Limit | 10 | Unlimited |
| Rate Limit | 100/min | 500/min |
| Usage Analytics | Basic | Advanced |
Related Articles
Need help? Contact Infodeck Support