Managing API Key Access


Overview

API keys allow secure access to selected TrustWorks API endpoints without requiring user login credentials. They are commonly used to integrate TrustWorks with external systems while maintaining controlled, role-based access.

🔑 Creating an API Key

Administrators can create API keys directly from the platform settings.

  1. Navigate to Settings → Keys Management.
  2. Click New Key.

    3. Select a user as the Owner of the API key.

      The API key inherits the same access level as the selected user:

      • Admin → admin-level access
      • Member → member-level access
      • Contributor → contributor-level access
    • Any resources created using this API key will list the selected user as the author.
  3. Click Create.

https://d33v4339jhl8k0.cloudfront.net/docs/assets/64abd93c75aa075e9b0afc56/images/67b2fbfdff14e4590bd18fde/file-Mdk42yL4Oq.png

https://docs.trustswiftly.com/~gitbook/image?dpr=4&quality=100&sign=fb8e5119&sv=2&url=https%3A%2F%2F1722465976-files.gitbook.io%2F~%2Ffiles%2Fv0%2Fb%2Fgitbook-legacy-files%2Fo%2Fassets%252F-MQXj2cAjHd66kg8IboI%252F-MZTfIfwDn4PaU0c1qnT%252F-MZTgG8wLHY0Ngt29EI8%252Fimage.png%3Falt%3Dmedia%26token%3Df120e710-39c2-40f4-9565-43fc712b20df&width=768

⚠️ Copy and Store the API Key

Once the key is generated, it is displayed only once.

  1. Copy the API key immediately.
  2. Store it securely in your password manager or secrets vault.
  3. Click Copy and Close to finish.

If the key is lost, it cannot be recovered and must be regenerated.

https://my.f5.com/manage/servlet/rtaImage?eid=ka0Po000000IB6f&feoid=00N1T00000AOnlF&refid=0EMPo00000GVPlh

https://docs.trustswiftly.com/~gitbook/image?dpr=4&quality=100&sign=fb8e5119&sv=2&url=https%3A%2F%2F1722465976-files.gitbook.io%2F~%2Ffiles%2Fv0%2Fb%2Fgitbook-legacy-files%2Fo%2Fassets%252F-MQXj2cAjHd66kg8IboI%252F-MZTfIfwDn4PaU0c1qnT%252F-MZTgG8wLHY0Ngt29EI8%252Fimage.png%3Falt%3Dmedia%26token%3Df120e710-39c2-40f4-9565-43fc712b20df&width=768

🔐 Using API Keys

To authenticate an API request, include the API key in the request headers:

x-tw-api-key: YOUR_API_KEY

Only endpoints that support API key authentication can be accessed using this method.

✅ Best Practices

  • Assign API key ownership based on the minimum required permissions.
  • Rotate API keys regularly to reduce security risks.
  • Never expose API keys in client-side code or public repositories.
  • Regenerate keys immediately if they are compromised.

Conclusion

API keys provide a secure and flexible way to integrate external systems with TrustWorks. By assigning the correct owner and following best practices, teams can ensure controlled access while maintaining auditability and compliance.

If you need further guidance, our Support Team is available to help.

Still need help? Contact Us Contact Us