All Collections
APIs
API Authentication
API Authentication
How to authenticate with Semantik Public API
D
Written by Dave Almond
Updated over a week ago

The Semantik Public API supports API key authentication. API keys are unique string-like tokens that identify an application or service without any user. A valid API key is required for most requests made to Semantik Public API endpoints.

For security purposes, Ephesoft does not store API keys and cannot recover an API key should it be lost.

Try It Yourself

If you’re new to Ephesoft Semantik, you can sign up for a free trial to evaluate our solution in your own real-world environment.

Managing API Keys

API key management is done via the Semantik API Keys settings page. From this page you can view, create, edit, and remove API keys. Make sure to follow these best practices when working with API keys:

Do:

  • Create a new key for each application, service, and use case

  • Treat API keys as critical secrets

  • Securely store API keys during creation (they cannot be retrieved after creation)

  • Review API Key last usage date prior to disabling or removing

  • Disable API keys prior to removing them

  • Rotate API keys periodically

  • Remove unneeded API keys

Don’t:

  • Store or send API keys in clear text

  • Hardcode API keys in applications

  • Commit API keys to source control

Creating API Keys

Follow these steps to create an API key:

  1. Login to Ephesoft Semantik

  2. Navigate to Settings (gear icon) → Admin settings → API Keys

  3. Click on the Add API Key button

  4. Provide a name and description for the key

  5. Click Add

  6. Copy the key and store it in a secure location
    NOTE: Keys cannot be retrieved once the initial creation page is closed.

Using API Keys

The Semantik Public API requires a valid API key to be included with every request. Pass the API key as a header parameter with the following format. Replace API_KEY with your API Key.

Format

  GET https://api.us.ephesoft.io/v1/resource HTTP/1.1
  Authorization: ApiKey API_KEY

Curl Example

  curl --location --request GET 'https://api.us.ephesoft.io/v1/resource' \

  --header ‘Authorization’: ApiKey API_KEY

Disabling API Keys

It’s recommended to review the last usage date and disable a key prior to removing it. This helps ensure there are no consuming applications or services still using the key.

Follow these steps to disable an API Key:

  1. Login to Ephesoft Semantik

  2. Verify the last time the API key was used

    1. Navigate to Settings → API Keys

    2. Note the date of last usage

  3. Click the slider to disable the API Key

Removing API Keys

Note that it’s recommended to disable API keys prior to removing them.

Follow these steps to remove unused API keys:

  1. Login to Ephesoft Semantik at your custom URL

  2. Navigate to Settings → API Keys

  3. Hover over the API Key to be removed and click the trash can icon

Rotating API Keys

The Semantik Public API doesn’t force API keys to expire, however, it’s a security best practice to periodically rotate API keys.

Follow these steps to rotate API Keys:

  1. Create a new API key to replace the existing one

  2. Update the consuming application or service to use the new API key

  3. Disable the original API key

  4. Remove the original API key

Did this answer your question?