LogoLogo
  • PlaceOS Documentation
  • Overview
    • Key Concepts
      • Drivers
      • Interfaces
      • Modules
      • Settings
      • Systems
      • Triggers
      • Zones
    • Languages
      • Crystal
      • TypeScript
    • Protocols
      • MQTT
      • SAML
      • OAuth2
  • How To
    • Configure PlaceOS for Microsoft 365
      • Step 1: Room Calendar Access
        • Create Azure App Registration (Application Permissions)
        • Exchange Calendar Group
        • Limit Application Permissions
        • Configure PlaceOS Calendar Driver
      • Step 2: User Authentication & Calendar Access
        • Create a PlaceOS Authentication Source
        • Create Azure App Registration (Delegated Permissions)
        • Configure PlaceOS Authentication Source
        • Add User Login Redirects
      • Concierge Access
      • Troubleshooting
        • Blocked or Blacklisted IP Error
    • Configure PlaceOS for Google Workspace
      • Google Configuration
        • Create Google Cloud Project & Enable API
        • Configure Google Cloud Service Account
        • Add Google Workplace Permissions
        • Create Google Marketplace App (optional)
        • Google Workspace Service User (RBAC)
        • Configure Access to Google Resource Calendars
      • User Authentication
        • Create a PlaceOS Authentication Source for Google
        • Create Google Cloud OAuth2 Client App
        • Configure PlaceOS Auth Source for Google
        • Add User Login Redirects
    • Deployment
      • Deploy AWS Fargate on Modular CloudFormation Stacks
      • Deploy AWS Fargate on Nested CloudFormation Stacks
      • Writing Import Scripts
    • Analytics
      • MQTT Integration
    • Backoffice
      • Add a Domain to PlaceOS
      • Backoffice File Upload
      • Configure Staff API
      • Calendar Driver
      • Enable Sensor UI
      • Bookings Driver
      • Configure a webhook
    • Authentication
      • Azure B2C
        • Azure B2C Custom Policy Framework
        • Configure PlaceOS for Azure B2C
        • 365 Room Resources on Azure B2C
      • Configure SAML SSO
        • Configure SAML2 with AD FS
        • Configure SAML2 with Auth0
        • Configure SAML2 with Azure AD
        • Configure SAML2 with Google Workspace
      • Configure OAuth2 SSO
      • X-API Keys
      • Bearer tokens
    • Location Services
      • Location Services
      • Area Management
      • Discovering User Devices
      • Locating Users on a Network
      • People Finding with Cisco Meraki on PlaceOS
      • People Finding with Juniper Mist on PlaceOS
    • Notifications
      • Catering Orders
    • User Interfaces
      • Booking Panel App
      • Workplace App
      • Native Booking Panel App
      • Deploy a Frontend Interface
      • Microsoft Outlook Plugin
      • Configure Endpoint Auto Login
      • SVG Map Creation
      • Configuring a default UI
  • Tutorials
    • Setup a dev environment
    • Backend
      • Troubleshooting Backend Failures
      • Import Bookable Rooms
      • Writing A Driver
        • Testing drivers
        • ChatGPT / LLM Capabilities
          • Native GPT Plugins
      • Testing Internal Builds
    • Backoffice
      • Adding Drivers & Modules
      • Add Zone Structure
    • Common Configurations
      • Asset Manager
      • Catering
      • Locker Booking
      • Webex Instant Connect
      • Desk booking
      • Sensor Data Collection
        • Configure Kontakt IO
        • Configuring Meraki
        • Configuring DNA Spaces
      • Elevated Privileges
  • Reference
    • API
      • Real-time Websocket
      • Rest API
      • Staff API
    • Drivers
      • PlaceOS
        • Bookings
        • Staff API
        • Visitor Mailer
        • Lockers
      • Microsoft
        • Graph API
    • PlaceOS Skills
    • Privacy Policy
    • Recommended Products
    • Supported Integrations
    • System Architecture
    • System Functionality & Requirements
    • Infrastructure Requirements
    • Security Compliance
      • FAQ
      • GDPR
      • Security
    • Microsoft Azure Permissions
  • Glossary
  • 🎯PlaceOS Roadmap
  • 🆘PlaceOS Support
  • 👩‍💻PlaceOS Github
  • 📝PlaceOS Changelog
Powered by GitBook
On this page
  • Prerequisites
  • Generate API Key
  • Using the API Key
  • Removing an API Key
  • Scopes for Common Applications
Export as PDF
  1. How To
  2. Authentication

X-API Keys

PreviousConfigure OAuth2 SSONextBearer tokens

Last updated 1 year ago

PlaceOS can generate API Keys for authenticated access.

The API keys can be used for:

  • Accessing the

  • Using the

Prerequisites

  • Administrator access to your PlaceOS Backoffice

Generate API Key

  1. Login to PlaceOS Backoffice

  2. Navigate to the Admin Tab

  3. Select API Keys

  4. Select the domain the API Key will belong to

  5. Any existing API Keys will be shown in the list

  6. Click Add API Key

  7. Enter the required information:

    • Name: Suitable name for the API Key

    • Description: What the key will be used for (useful for other administrators)

    • Scopes: Select from available scopes (see available scopes below)

    • User: The user in which the API Key will emulate

    • Permissions: Permission level assigned to the API Key (see permission details below)

  8. Click Save

  9. The new API Key will be shown once after it is saved, you will not be able to view it again

Available Scopes

Available Scopes for API Keys are:

  • public A special scope that can access all routes (supports read and write modifiers)

  • api_keys

  • ldap_authentication

  • saml_authentication

  • o_auth_authentication

  • o_auth_applications

  • brokers

  • cluster

  • domains

  • drivers

  • settings

  • modules

  • systems

  • control .read: module class types, function list of a module, module state lookup .write: control websocket, API execute request

  • edges

  • metadata

  • repositories

Available Permissions

  • scope.read

  • scope.write

Using the API Key

API Keys are typically passed in the header of the request, however can be used in the following ways

  1. HTTP Header: X-API-Key: <token>

  2. URL param: ?api-key=<token>

  3. A HTTP Cookie: api-key=<token>

Removing an API Key

  1. Navigate to the API Key Page in Backoffice located in the Admin Tab.

Scopes for Common Applications

X-API Keys can be used for unattended panel authentication, scopes are required for these applications to function. The table below outlines common applications that require API Keys and the associated scopes.

Application
Scopes

Booking Panel

users.read

systems.read

control

zones.read (optional) `metadata.read` (optional)

Map Kiosk

public.read

guests A special scope for guests that provides

Click the trash icon to remove the key.

access to some APIs
Unattended Panel Access
PlaceOS API
Real-time Websocket
Select API Keys from Admin Menu
Select API Keys from Admin Menu
Showing the new API Key
Remove API Key
Add new API Key Form