API Keys
Overview
Section titled “Overview”The API Keys page allows Tenant Admins to create and manage API keys used by external systems or custom integrations to authenticate against the EZY Portal API on behalf of the tenant.
Access & Permissions
Section titled “Access & Permissions”| Role | Access Level |
|---|---|
| Tenant Admin | Full access |
| Account Admin | No access |
| Super User | Full access (via System > Service API Keys for infrastructure-level keys) |
Visibility Conditions
Section titled “Visibility Conditions”Always visible to Tenant Admins. Note: this page manages tenant-scoped keys only. Infrastructure-level keys are managed under System > Service API Keys.
Key Features
Section titled “Key Features”- Key Generation — Generate new API keys with a descriptive name and optional expiry date.
- Scope Assignment — Assign a set of permissions to each key, restricting it to specific API endpoints or actions.
- Key Revocation — Immediately revoke any active API key to block access without needing to rotate secrets.
- Last Used Tracking — View the last time each key was used to identify stale or unused keys.
- Key Rotation Workflow — Generate a replacement key before revoking the old one to ensure zero-downtime key rotation.
:::tip TODO
- Add a step-by-step guide for generating a scoped API key for a third-party integration.
- Provide a key rotation best-practices guide.
- Document the API authentication header format expected by the portal API. :::