Skip to main content

Generate API Keys

Overview

After generating a Service ID, you can create API keys that will be used for specific API operations. API keys provide a secure way to authenticate and authorize API requests.

Prerequisites

Before generating API keys, you must have:

  1. JWT Authentication Token from login
  2. Service ID from the Generate Service Unique ID endpoint

Endpoint

URL: {{base_url}}/api/clients/generate-api-key

Method: POST

Headers:

Authorization: Bearer <your_jwt_token>
Content-Type: application/json

Request Body

{
  "service_id": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJ2aWNlSWQiOiIyNzg5ZmM4Ni1iMjdkLTQzOTEtYTk5NC0yYTEzMTZiYTBjODkiLCJpYXQiOjE3NDk0NDI3MDcsImV4cCI6MTc0OTQ0NjMwN30.9T02sVHjKFCdtZoYn9auJ9GC5dX1CD4ll5VpMM06DmU"
}

Response

{
  "status": 201,
  "message": "API Key created",
  "data": {
    "id": "f7fa38ec-0e19-405c-820f-bf65912ab4ec"
  }
}

Example Request

curl -X POST https://k2-ussd-api.devlorde.xyz/api/clients/generate-api-key \
  -H "Authorization: Bearer <your_jwt_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "service_id": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJ2aWNlSWQiOiIyNzg5ZmM4Ni1iMjdkLTQzOTEtYTk5NC0yYTEzMTZiYTBjODkiLCJpYXQiOjE3NDk0NDI3MDcsImV4cCI6MTc0OTQ0NjMwN30.9T02sVHjKFCdtZoYn9auJ9GC5dX1CD4ll5VpMM06DmU"
  }'

Important Notes

  • Service ID Required: You must provide a valid Service ID in the request body
  • JWT Token: Use the JWT token from login, not the Service ID
  • API Key ID: The response returns an API key ID that you'll use for other operations
  • Security: Keep your API key ID secure and don't expose it in client-side code

Error Responses

401 Unauthorized

{
  "status": 401,
  "message": "Invalid JWT token",
  "data": null
}

400 Bad Request

{
  "status": 400,
  "message": "Service ID is required",
  "data": null
}

403 Forbidden

{
  "status": 403,
  "message": "Service ID expired or invalid",
  "data": null
}

Best Practices

  1. Store API Key ID Securely: Use environment variables or secure storage
  2. Track API Keys: Keep a record of generated API key IDs
  3. Limit API Keys: Generate only the number of API keys you need
  4. Regular Cleanup: Delete unused API keys regularly
  5. Monitor Usage: Track API key usage for security purposes

Implementation Example

async function generateApiKey(jwtToken, serviceId) {
  try {
    const response = await fetch('https://k2-ussd-api.devlorde.xyz/api/clients/generate-api-key', {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${jwtToken}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        service_id: serviceId
      })
    });

    const data = await response.json();
    
    if (data.status === 201) {
      console.log('API Key generated successfully:', data.data.id);
      return data.data.id;
    } else {
      throw new Error(data.message);
    }
  } catch (error) {
    console.error('Failed to generate API key:', error.message);
    throw error;
  }
}

// Usage example
const apiKeyId = await generateApiKey(jwtToken, serviceId);

Next Steps