Skip to main content

Authentication

Users interacting with the Management API via the Golioth console use a short-lived access token that is issued after successful login. For programmatic API access, longer-lived credentials are typically required. Golioth supports creating project-scoped API keys. An API key can only use the Management API to perform operations in the project in which it exists.

API keys are sensitive credentials that should be handled with care. In the event that an API key is exposed, it should be deleted immediately. Deleting an API key revokes all access and subsequent operations performed using it will fail.

Creating an API Key

API keys can be created in the Golioth console or using the goliothctl CLI. To create an API key with goliothctl, use the create command.

$ goliothctl apikeys create
id:"<api key id>" key:"YOUR_API_KEY" type:API_KEY

goliothctl can also be used to list API keys in a project with list command.

$ goliothctl apikeys list
id:"<api key id>" key:"YOUR_API_KEY" type:API_KEY

Using an API Key

API keys are included in requests using the x-api-key HTTP header.

$ curl -H "x-api-key: YOUR_API_KEY" https://api.golioth.io/v1/projects/{project-id}/devices
{ "list": [ { "id":"<uuid>", "name": "My first device", "hardwareIds": ["DE:AD:BE:EF"], "createdAt":"<timestamp>", "updatedAt":"<timestamp>" }] }, "page":0, "perPage":100, "total":1 }

Deleting an API Key

API keys can be deleted in the console or via the CLI. To delete an API key with goliothctl, use the delete command.

goliothctl apikeys delete <api key id>