Authentication to Aurora’s API is granted through API keys (also known as “bearer tokens”). An Admin user for your tenant can create, retrieve, and delete the tokens using the API tokens screen in Aurora. For more details, see the Authentication section in Aurora API docs.

Table of Contents:

• API Tokens
• Restricted API Keys

API Tokens

If necessary, you can also rotate your API token by creating a new token and setting an expiration period for the original one.

Restricted API Keys

You can use restricted API keys to grant micro-services (internally-developed or third-party) access to your data in Aurora. Restricted keys grant access to only a specified subset of API endpoints for your tenant (e.g., only List and Retrieve Projects).

Customers can have multiple restricted keys with varying levels of access. To set up a restricted API key, follow these steps:

1. Navigate to Settings > API tokens from the Aurora app
2. Under “Restricted Keys,” select “+ New Key”
3. On the next page, name your API key
4. Toggle on the API endpoints that you’d like the token to have access to.
   • For select API endpoints, include any Tags to limit access to only API calls that include the tag. Learn more about Tags in our technical docs.
5. When complete, click “Save.”
6. From the API token page, you can view, copy, refresh, or delete any of the restricted API keys you’ve created.

Read more in our Restricted API Keys documentation here.