Access and Authentication
Access to the Data Streamhouse Public API is controlled through API keys. API keys authorize clients to perform operations based on the roles and permissions assigned to the key.
Access Configuration
There are two ways to configure access to the Public API:
1. Admin API Access
At deployment time, a global admin-level API key can be configured by setting the following environment variable:
This API key provides full administrative access to all Public API endpoints.
Important: Only use the global API key in trusted internal environments. Rotate the key periodically according to your organization's security policies.
2. Scoped API Keys
Additional API keys with fine-grained permissions can be created and managed through the Portal UI:
Navigate to:
Create a new user and select "Public API" as the user type.
Assign a name to the API key for easier reference and management.
Assign roles and/or groups to the API key user to control access and permissions.
The API key will inherit the group memberships and role permissions assigned during setup.
This allows you to:
Limit access to specific API endpoints or resources.
Enforce strict permission boundaries based on operational needs.
Maintain auditability and apply the principle of least privilege.
Authentication
All Public API requests must include the following HTTP header:
Example request:
If the API key is missing, invalid, or does not have permission for the requested action, the API will respond with:
401 Unauthorized — Missing or invalid API key.
403 Forbidden — API key does not have permission for the requested resource.
Best Practices
Prefer creating scoped API keys over using the global admin API key for regular operations.
Assign clear names to API keys to simplify auditing and management.
Treat API keys as sensitive credentials. Store them securely and restrict access.
Rotate API keys periodically.
Monitor and audit API usage as part of your platform security practices.
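One way to act on the last point, as an added example that is not part of the Data Streamhouse documentation or product: a small Python audit pass that separates the two failure codes above and surfaces use of the global admin key. The record layout (source address, key name, HTTP status), the key names, and the threshold are assumptions made for illustration, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample records, e.g. exported from a reverse proxy in front of
# the Public API: (source address, key name or None if unidentified, status).
SAMPLE_RECORDS = [
    ("10.0.0.5", "ci-deployer", 200),
    ("10.0.0.5", "ci-deployer", 403),
    ("10.0.0.5", "ci-deployer", 403),
    ("10.0.0.5", "ci-deployer", 403),
    ("10.0.0.9", "global-admin", 200),
    ("10.0.0.9", "global-admin", 200),
    ("192.0.2.44", None, 401),
    ("192.0.2.44", None, 401),
    ("192.0.2.44", None, 401),
    ("10.0.0.7", "reporting", 200),
    ("10.0.0.7", "reporting", 403),
]


def audit(records, admin_key_name="global-admin", threshold=3):
    """Summarize API usage that deserves a reviewer's attention.

    admin_key_name is a hypothetical label for the global admin key;
    threshold is the number of denials at which a key or source is reported.
    """
    admin_sources = Counter()   # who is using the global admin key
    forbidden = Counter()       # valid keys reaching outside their roles
    unauthorized = Counter()    # sources sending missing or invalid keys
    for source, key_name, status in records:
        if key_name == admin_key_name:
            admin_sources[source] += 1
        if status == 403 and key_name is not None:
            forbidden[key_name] += 1
        elif status == 401:
            unauthorized[source] += 1
    return {
        # Any routine use of the admin key is worth replacing with a scoped key.
        "admin_key_use": dict(admin_sources),
        # Repeated 403s: the key's roles or groups do not match what it is asked to do.
        "repeated_403": {k: n for k, n in forbidden.items() if n >= threshold},
        # Repeated 401s: a stale key after rotation, or a client without a valid key.
        "repeated_401": {s: n for s, n in unauthorized.items() if n >= threshold},
    }


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_RECORDS).items():
        print(finding, detail)
```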