Generate an application-level service access key

As illustrated in Access keys, some of the SBS services require an application-level service access key (ALSAK). To generate an application-level access key, the only requirement is that you have already created the application for which you are generating the key.

You can generate an app-level service access key either from the graphical user interface of the SBS Console (Web UI), or programmatically from GraphQL. When creating the key, you can optionally set the following properties:

  • Description - Provides a text description that helps you easier identify the key.
  • Scope - Restricts the scope of the key to specific services only, or to even to specific queries and mutations of a service.

Web UI

To generate an application-level service access key through the Web UI:

  1. Sign in to the SBS Console and click the WebUI tab if it’s not already selected.

  2. In the left-hand side navigation menu, click Applications.

  3. Click the application for which you would like to generate the key.

  4. Click the Add Add Button button in the top-right corner of the service access keys table. A dialog box appears.

  5. Under Applications, select the application for which you are generating the key.

  6. Optionally, enter a key description.

  7. Under Scope, enter the extent of permissions available to the bearer of this key. For details, see Scope editor. Note that, if you leave the scope unset, the key bearer will be granted full access to all APIs that require an app-level security access key (for the selected app).

    Generate app-level service access key dialog box

  8. Click Generate App Level Key. The key is generated and the dialog box remains open.

  9. Click Show Secret Key and copy the private key value. You can now use this value in the x-api-key header when accessing a relevant SBS service.

    Generate app-level service access key dialog box

GraphQL

To generate an application-level access key:

  1. Sign in to the SBS Console and click the GraphQL tab. Alternatively, access the Account API programmatically from your own GraphQL development environment.
  2. Run the following mutation:
mutation generateALSAK($input: GenerateAppLevelServiceAccessKeyInput!) {
  generateAppLevelServiceAccessKey(input: $input){
    publicKey
    privateKey
  }
}

In the variables, make sure to replace the example values below with the ones you actually require:

  • appId - The unique identifier of the application for which you are generating this key. To view all applications and their details, run the apps query first.
  • description - An optional text description that will help you easier identify the key later.
  • scope - Restricts the scope of the key to specific services only, or to even to specific queries and mutations of a service. This is also optional. Bear in mind, however, that an empty scope means that access to all queries and mutations of all services is granted. When multiple scope strings exists, they must be separated by space characters. For more information about the syntax rules, see Restrict access to services.
{
  "input": {
    "appId": "YOUR_APPLICATION_ID",
    "description": "YOUR_DESCRIPTION",
    "scope": ""
  }
}

The privateKey field in the returned response contains the generated key.

Read more

Managing applications Verify an email identity