API keys

API keys allow access to the Booking Service API without using a login.

You manage API keys via admin menu → admin → API keys.

You can (and should) give each API key a descriptive name.

When you create or edit an API key, you can add Roles to it. Roles are used to allow access to specific data or actions, and are also allocated to User Access Levels. API keys provide a second way to access data and functions, in addition to a user login, which gains Roles according to the Access Level of the user.

In the case of Custom Queries, the name of the query is used as the role to give access. This type of implied Role is not given to admin (user) logins.

One API key can have multiple Roles associated with it. You can generate a new API at any time. Changing an API key frequently, is good security practice.

The Booking Service uses API calls to send and receive data and commands. If you give an API key the appropriate role, you can make the same API calls without a login, by using the API key as part of the API call.
Your robot can include the API key in a call by using a HTTP header:
Authorization: {apikey}
(don’t include the braces).