Issue and revoke API keys

By default, you have a Master API key. You can issue additional API keys and revoke access by following the steps below.

If you're concerned one of your Master API keys has been compromised, you should follow these steps to issue a replacement key for it and revoke the old key.

If you're integrating with multiple systems (e.g. a CRM and a transaction monitoring system), you should issue one new API key for every system. You should do this for your demo account and your production account.

If you're using the full PassFort API, you'll need Read and write access for the Master API key permission. If you're using the PassFort Connect API, all you need is your Portal login.

Issue a new API key

  1. Log into the Portal with your demo login details or your live login details.
  2. Click the Manage account icon in the top right and select API Key.
  3. Click Issue new master API key. The Issue Master API Key dialog is displayed.
  4. Enter a name for your API key into the API key name field. Choose a name that's at least six letters long.
To ensure your audit reports will be easy to read, avoid using any of the names of your users as the name of your API key.
  1. Click Issue new API key. The new key is generated and displayed at the top of the list of keys. You can begin using it in your integration immediately.

Revoke an API key

Before revoking an API key, you may want to ensure the key is not being used anywhere in your integration. Once you revoke the API key, any integration using it will stop working immediately, and it is not possible to re-issue an API key that has been revoked.
  1. Log into the Portal with your demo login details or your live login details.
  2. Click the Manage account icon in the top right and select API Key.
  3. Click the Delete icon  next to the key.
  4. A confirmation dialog is displayed to let you know that this action cannot be undone.
  5. Click Yes, permanently revoke API key. The key is revoked and removed from your list of API keys.

Keeping your API keys a secret

The API key is how PassFort knows the request is coming from you - and not a malicious third party.

Your API keys are unique to your accounts, so when you get your API keys, you should keep them a secret.

If you need to access the PassFort API from an insecure location (e.g. the browser), contact our Support team and we’ll help find a solution.


How did we do?


Powered by HelpDocs (opens in a new tab)