Overview
API Keys is where you create and manage the keys that authenticate calls to CXF’s APIs. Each key can be enabled or disabled, and optionally restricted to specific URLs and IP addresses. Keys are passed as theapi-key when calling the
Contact API.
Where to find it
Settings → API Keys.Properties
| Property | Type | Required | Description |
|---|---|---|---|
| Title | string | Yes | A descriptive name for the key. |
| Description | string | No | An optional note about what the key is for. |
| API Key | string | Auto | The generated key value, shown masked (only the last characters are visible). |
| Allowed URLs | array | No | URLs allowed to use the key. Empty = all URLs allowed. Supports wildcards, e.g. https://*.example.com/*. |
| Allowed IP Addresses | array | No | IP addresses allowed to use the key. Empty = all IPs allowed. |
| Enabled | boolean | No | Whether the key is active. Defaults to on. |
Behaviour & rules
- A key with no allowed URLs or IPs shows “No restrictions (allows all URLs and IPs)”.
- Use the Enabled toggle to deactivate a key without deleting it.
- Create a key with New API Key; manage existing ones with Edit and Delete.
Governance & permissions
Only a super admin or Master can create, edit, and delete API Keys.Related
API & Developers
The APIs these keys authenticate against.
Contact API authentication
How the
api-key is used on requests.