Authenticate with Xkit Platform API

To authenticate with the Xkit Platform API you'll need a set of API keys. API keys issued by Xkit come in pairs:

  • a publishable key, which acts as a username and can be stored in cleartext
  • a secret key, which acts as a password and should be protected as such

Generate an API Key

To get an API Key set, you need to generate it in the Xkit Dashboard.

  • Click "Generate API Key" in the "API Keys" section of the Settings tab
  • Copy the publishable key and secret key

It's important to note that the secret API key will be shown to you once, and cannot be retrieved by Xkit again after that, so be sure to keep it safe.

Rotate API Keys

Xkit allows a virtually unlimited number of API Keys to be active, which makes key rotation easy.

  • Generate a new API Key, following the steps above
  • Use the new API Key in all your services that need to be updated
  • Revoke the old API Key by finding its entry in the table in the "API Keys" section of the Settings tab, clicking the "More" icon, and clicking "Revoke"

Revoking API keys has near-instant effect, and cannot be reversed. So ensure that your new API key is in use before revoking the old API key.

What’s Next