Skip to main content
All CollectionsAPI DevelopmentBuilding Frends APIs - API Keys
Example on Creating API Keys
Example on Creating API Keys

API Key

Ossi Galkin avatar
Written by Ossi Galkin
Updated over 10 months ago

Creating API Keys

When planning the needed API Keys, you need to consider what data is needed by the API clients in each case. Usually it is best from the API Key management point of view to have unique API Keys for each party who will be consuming the APIs.

In the example scenario, the financial department's integration Processes would be one API client party. It's better to group financial integrations as one API client using one certain API Key than create just one API Key for any internal API use case. This way, it's much easier to track where the financial APIs are being used and to have more fine grained limits for the API use.

In this case, let's assume there is no need to have separate rate limits for the Loan API and the Investment API. When this is the case, we can use one API Key to give access to both the Loan API and Investment API.


Steps for defining an API Key for financial integrations

1) In Frends web UI, navigate to Administration > API Keys

2) Click the "New API Key" button

3) Fill the API Key fields like in this screenshot:

Comments about the fields:

  • Name: It's better to use long and descriptive names. From this name we directly see it is meant for the financial integrations in the development Environment.

  • Environment: In Frends you need to create a separate Key for each Environment.

  • Key: Don't enter anything here. The Key will be automatically generated when you click the Save button.

  • Rulesets: For now, leave this field empty. If you already have the rulesets, you can select the rulesets linked to this Key.

  • Request limit: It is recommended to always set a request limit. Even if there will be a very limited number of requests to the APIs with this API Key, the request limit protects the API and the possible backend systems the API interacts with from excess use. Excess use might happen for example by accident when the API client consuming our financial APIs is developed. Another case for excess use could be if the API Key is leaked by accident or by result of a data breach. In both cases the rate limit helps to mitigate the effects of these kinds of scenarios.

4) Click the Save button.

The Key is now generated and shown in the Key field. This string consisting of numbers are letters is like a combination of a username and password. Anyone who has the API Key and knows which APIs it provides access to can use it. This is why it is important to only send it to those developers or partners who need it, as well as using a secure way to send the API Key. It is also good practice to send the API Key and the information detailing which APIs the Key is valid for separately.


Finally, repeat the steps to create an API Key for the partner company (Acme Webdev) to provide them with access to the Campaign API. Please set the following values for the API Key's fields:



Otherwise, this API Key is very similar to the key for financial integrations, but in this case we set the request limit to Per minute, because during the marketing campaign there can be bigger load with this API Key. If there are more requests with this API Key than 50 per minute, Frends will return an error, Request limit exceeded, for the API client. When a minute has passed from the first API request with the API Key, Frends will again accept new requests until the request limit is exceeded.


Lastly, save the Key by clicking the Save button.

The next article is Introduction to Passing an API Key to Frends API from a client

Related Articles
API Keys
Authentication for viewing API specifications
Introduction to API authentication
Introduction to API Authentication with Frends
Introduction to API Keys
Did this answer your question?