Authentication

The developer-ready API endpoint can be accessed via Bearer tokens.

Creating API Keys

Go to Admin Center > API Keys or click this link, and follow these steps:

• Click on Create API Key and provide a Name

• Select access mode and scope

• Copy your API Key. Please copy this key and save it somewhere safe. For security reasons, it cannot be viewed again.
  

If you are an Admin and cannot see the API Keys page, it needs to be enabled for your account. Please reach out to your Unleash representative.

Access Mode

When generating an API key, you need to select either an Impersonated key or a Non-Impersonated key. Non-Impersonated keys allow API requests to be executed on behalf of the user who generated the key, thereby upholding their permissions and access rights. Conversely, for Impersonated API keys, the requester must explicitly indicate the user identity by adding a specific "unleash-account" header in the request. The API call will then be performed on behalf of the user identified in that header.

For security reasons, only admins are permitted to generate Impersonated API keys, while regular users are restricted to creating personal Non-Impersonated keys. The “user-account” header can accept either the user's email address or the Unleash account ID as its value.

Scope

API keys should be restricted to specific assistants only. It is recommended not to create API keys with platform-wide access.