API authentication and authorization
All API operations require authentication using a pair of API keys known as the account key and the secret key:
|Key name||HTTP Header name||Description|
||Account-level key assigned to all users of an account|
||Personal key associated with a specific user and possibly limited to certain IP ranges|
Enabling the API
The API is disabled all on all accounts by default. You must first enable the API before you can use it.
The account key identifies your specific account when you perform an API request.
You create the account key once when enabling API access.
If you need to change or delete your account key, please contact Redis Labs support.
The secret key is a personal key that belongs to a specific user having the owner role.
A user can generate multiple secret keys for themselves or for any other users defined as owners within the same account.
Every secret key has a name. You can use this name to identify which user made a specific API request.
For example, when you audit create, update, and delete requests in the system log, you can easily see which secret key was used for each request.
Authentication using API keys
You must authenticate using the account key and secret key on every API request.
You provide these keys as HTTP request headers.
Authenticating a request
An API request will successfully authenticate if the following conditions are met:
- Both the account key and secret key are valid and properly defined in the HTTP request headers.
- The secret key is associated with the same account as the account key.
- The request originates from a valid source IP. This requirement holds when you have defined sourced IP limitations for your secret key.
Managing and using API keys
The following articles describe how to create, manage, and use API keys for your team: