Access keys
To access any SBS service, you need access keys. Access keys are strings that you must provide in the x-api-key HTTP header of the request in order to be able to make API calls. For an example of how to generate and use a service access key, see the Tutorial: Send an Email.
Depending on the data you want to access (tenant-level, app-level, or even account-level), access keys can be of the following types:
- Service access key (SAK) - This key is used to retrieve data at tenant level. More precisely, the bearer of the key can access API data for a specific app and for a specific tenant. Each key uniquely identifies a tenant-app combination. Consequently, in order to provide all your tenants with separate service access keys, you must generate a service access key for each tenant-app combination within your SBS account.
- App-level service access key (ALSAK) - This key is required for scenarios when the key bearer need access to app-level data. As illustrated in the table below, there are certain services that provide or modify data at app-level, and consequently you must use an app-level access key in that case.
- Account access key (AAK) - This key provides access exclusively to the Account API. The Account API enables you to perform programmatically the same SBS entity management actions that are available in the graphical user interface of the SBS Console. For example, such a key is useful if you have to create thousands of tenants (and their respective service access keys) and would like to do this programmatically.
Each key has a scope. Scope is a security mechanism which makes it possible to grant or deny access to various areas of the SBS API. You can set the scope to be as generic or as specific as needed by your business case. For example, when generating a service access key, you can limit its scope only to a specific service, or only to specific queries or mutations within a service. For more information, see Restrict access to services.
The following table summarizes the kind of keys that each service accepts: service access keys (SAK), app-level service access keys (ALSAK), or both.
| Category | Service | SAK | ALSAK | Notes |
|---|---|---|---|---|
| Account management | Account | This service accepts only an account access key (AAK). | ||
| Account information | Usage Monitoring | Yes | ||
| Publishing | Document Rendering | Yes | Yes | Accepts ALSAK for mutations. Query operations are allowed with either SAK or ALSAK. |
| Yes | ||||
| Localization | Yes | Yes | ||
| WebSockets | Yes | |||
| Identity | OAuth | Yes | ||
| User Management | Yes | |||
| Storage | File Management | Yes | ||
| Key-Value | Yes | |||
| Logging | Document Log | Yes | ||
| Geolocation | Yes | |||
| Process Audit | Yes | |||
| Information | Public Holidays | Yes | Yes | |
| VAT Validator | Yes | Yes | ||
| Romanian Tax Authority | Organizations | Yes | ||
| RO ANAF OAuth | Yes | |||
| RO E-Factura | Yes | |||
| RO E-Transport | Yes | |||
| Tax Declarations | Yes |
You can generate and manage security keys from the SBS Console.