To connect your application with StackOne securely, you need to generate API keys. These keys authenticate your application and protect your data.

Step-by-Step Guide to Generating an API Key

1

Access the API Key Management Section

  • Log in to StackOne and go to the “API Keys” section in the left navigation menu.
  • This is where you can generate and manage your API keys.
2

Generate a New API Key

  • Click the “Create API Key” button. In the popup dialog, enter a name for your key (e.g., “stackone-ats-key”).
  • This name is a label and cannot be changed later. Click “Generate” to create your unique API key.
3

Select API Key Scopes (optional)

  • By default, API keys are created with full permissions. If you need to restrict the key’s access, you can select specific scopes by expanding the “Scopes” section selecting the scopes that match your application’s needs.
  • Read and/or write scopes can be selected for each of the Provider and Unified APIs.
4

Securely Store the API Key

  • The API key will be displayed on-screen. Copy it immediately and store it securely, as this is the only time it will be shown.
  • If you lose the key, you’ll need to generate a new one. Store the key in a secure location, such as a password manager.
5

Managing API Keys

  • The new API key will be listed in the “API Keys” tab.
  • You can view, revoke, or regenerate keys as needed, such as if there’s a security issue.

Using the generated API Key

Once you’ve generated your API key, it’s essential to know how to use it for authentication. You will need to include the API key for every API call. For basic authentication, you can use the API key in the username or password field when calling any API endpoint, such as the List Accounts endpoint.

Basic Authentication

If you need detailed steps on how to use the API key for basic authentication, including how to convert it into a Base64 encoded string, refer to the Basic Authentication Guide.

Recommendation

Secure API Keys and Credentials: Store your API keys and other sensitive information in secure locations such as key vaults or password managers. Avoid hard-coding them directly into your application. Use environment variables to pass these values to your application during runtime.