Access and Security

• Use an API Token in API Docs Example Requests
• Restricting Data Access to Specific Domains

API tokens (API keys) authorize access to IEX Cloud Data endpoints (Core Data) of purchased Data Bundles, access to workspace endpoints, and access to resource APIs. Tokens allow you to track, control, and throttle data usage. You can grant people access to data by giving them publishable tokens.

Warning

Your secret token (aka secret key) allows you to perform any action on your data and account. NEVER share your secret token publicly.

Here’s a video that demonstrates creating a token.

Read on for steps to create a token.

Creating an API Token

Here’s how to create and use a publishable API token.

1. Go to API Tokens. It’s listed in your user menu.

   

   The API Tokens page appears, listing your tokens in order, oldest to newest.

   

2. Click Create a token. A dialog window appears and asks if you are sure you want to add a publishable token.

   

   Note

   Publishable tokens have IEX Cloud Data (Core Data) read access by default.

3. Click Add publishable token. A new publishable token is added to the bottom of the token list.

4. Edit the token by finding it at the bottom of the token list and clicking on its gear icon or on its token ID. The API token form appears.

5. Define the token.

   Nickname: Enter a meaningful name.

   Signed Requests: Enables requiring a signature per request.

   Core Data Access: Read access to IEX Cloud Data is granted by default. You can alternatively revoke this access.

   Premium Data Access: Grants access to Premium Data (requires Premium Data subscription)

   Dataset permissions: Grants read/write/delete access to specified datasets.

   DEPRECATED

   Apperate and its features (including this feature) are deprecated.

   Allowed Domain(s): Leaving blank allows requests with the token from any domain. Specifying a domain(s) limits requests to be from that domain(s). Read more at Restrict Data Access to Specific Domains.

   Core Credit Usage Limit: Restricts the number of core credits available to the token.

   The token below, for example, can access Core Data and Premium Data, and has read access to three datasets.

   

6. When you’re done specifying the token, click Done. The token’s permissions take affect in a couple minutes. Then you can make the specified API calls using the token.

Note

A token’s permissions take affect a couple minutes after creating the token.

Now the token can be used in calling the specified APIs.

How many tokens do I need?

The number of tokens you may need depends on the number of customers and team members that you want to grant access to, the datasets they need, and in the case of team members, the actions they need to perform on your Apperate resources and your datasets. You’ll typically want to use multiple tokens when tracking, controlling, and throttling usage for different projects, apps, or end users separately.

What’s Next?

Ready to call some data APIs? See Query Data.

Want to get your teammates involved? Learn how to add teammates at Manage Users.