Implement API Keys using Tesseral

This article explains how you can add API Keys to your app using Tesseral.

1. Sign up for Tesseral

If you haven’t already, sign up for Tesseral at console.tesseral.com and follow the Quickstart Guide.

2. Enable Managed API Keys

Go to the Authentication page in the Tesseral Console and click on “Configure Managed API Keys”.

3. Create a Backend API Key

Go to the API Keys page in the Tesseral Console and click on “Create Backend API Key”.

Copy the Backend API Key Secret Token. You will need it in the next step.

4. Enable API Keys in your backend code

In your backend's environment, configure an environment variable called TESSERAL_BACKEND_API_KEY. Set its value to the Backend API Key Secret Token you copied in the previous step. Treat this value as a secret: keep it out of source control and client-side code.

Next, you’ll need to enable API Key authentication in your backend code.

If you haven’t already, follow the Express.js Quickstart Guide.

Enable API Key authentication by passing enableApiKeys to requireAuth:

    app.use(
      requireAuth({
        publishableKey: "publishable_key_...",
        enableApiKeys: true,
      }),
    );

5. Enable Managed API Keys for an Organization

By default, Organizations don’t have Managed API Keys enabled. You must enable API Keys for an Organization in the Tesseral Console. (This is in service of letting you charge your customers for API access.)

To enable Managed API Keys for your customer, go to the Organizations page in the Tesseral Console. Go to the Organization’s API Keys tab, and enable Managed API Keys.

You will need to repeat this process for each Organization you want to enable Managed API Keys for. You can use the UpdateOrganization endpoint in the Tesseral Backend API to automate this process.

6. (Optional) Create a Managed API Key

Once you have enabled Managed API Keys for your Project and in your backend code, you can create API Keys, and your backend will accept requests authenticated with them.

Your customers can create API Keys, or you can create them yourself from the Tesseral Console.

To create an API Key on your customers’ behalf, go to the Organizations page in the Tesseral Console. Under the Organization’s API Keys tab, click “Create API Key”.

From here, you can send an HTTP request to your backend code with the API Key you just created. Include your newly created API Key’s secret token as the value of the Authorization: Bearer header. For example, if your new API Key secret token is acme_sk_1234567890, you can send an HTTP request with the following header:

Authorization: Bearer acme_sk_1234567890

The capitalization of the word “Bearer” is important.
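
As an added example (not part of the Tesseral documentation or SDK), the following client-side helpers build the header shown above and flag the mistakes that most often produce a rejected request, including a miscapitalized "Bearer". The function names are hypothetical, and the "exactly one space" rule is an assumption taken from the sample header on this page.

```javascript
// Added example: client-side helpers for the Authorization header described above.
// Names are hypothetical; acme_sk_1234567890 is the page's sample token.

// Build the header value in the form the page shows: "Bearer <secret token>".
function buildAuthorizationHeader(secretToken) {
  if (typeof secretToken !== "string" || secretToken.length === 0) {
    throw new Error("API Key secret token is missing");
  }
  // Whitespace or control characters would corrupt the header (CR/LF could split it).
  if (/[\s\u0000-\u001f\u007f]/.test(secretToken)) {
    throw new Error("API Key secret token contains whitespace or control characters");
  }
  return `Bearer ${secretToken}`;
}

// Return a list of problems with an Authorization header value.
// An empty list means the value has the shape shown on this page.
function checkAuthorizationHeader(value) {
  if (typeof value !== "string" || value.trim() === "") {
    return ["header is missing or empty"];
  }
  const match = /^(\S+)(\s*)([\s\S]*)$/.exec(value);
  if (!match) return ["header starts with whitespace"];
  const [, scheme, gap, rest] = match;
  const problems = [];
  if (scheme !== "Bearer") {
    problems.push(
      scheme.toLowerCase() === "bearer"
        ? `scheme "${scheme}" has the wrong capitalization; use "Bearer"`
        : 'scheme must be "Bearer"',
    );
  }
  // Assumption from the page's sample header: one space between scheme and token.
  if (gap !== " ") problems.push("expected exactly one space after the scheme");
  if (rest === "" || /\s/.test(rest)) problems.push("token is empty or contains whitespace");
  return problems;
}

// Constructed sample inputs: one well-formed header and two common mistakes.
for (const h of ["Bearer acme_sk_1234567890", "bearer acme_sk_1234567890", "Bearer"]) {
  console.log(JSON.stringify(h), "->", checkAuthorizationHeader(h));
}
```

Running the check on the client before sending, or on a captured header while debugging a rejected request, avoids having to log the secret token itself.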