# Generating new API key

At Alphamoon Workspace API we use API keys to authenticate requests. Take a look at our step-by-step guide on how to generate your new API key.

## Go to Your profile to create API key

In order to create a new API Key sign in to Alphamoon Workspace and enter **Your profile:**

<figure><img src="https://1037371503-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa3NQDmelveCcQtL0yaFs%2Fuploads%2FRwKt8KUOAbnhCgOa5fVu%2FZrzut%20ekranu%202023-07-06%20140704.png?alt=media&#x26;token=7bd95753-af41-4ac7-9200-e4f01a4a1523" alt=""><figcaption><p>Dashboard view</p></figcaption></figure>

Below the Personal settings section, you will see another one - **Your organization's API Keys:**

<figure><img src="https://1037371503-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa3NQDmelveCcQtL0yaFs%2Fuploads%2FmSeKKud30PAdXjWe0nwm%2FYour%20profile%202.png?alt=media&#x26;token=e5fd830e-9669-4783-9e11-57563c39bc40" alt=""><figcaption><p>Your profile view</p></figcaption></figure>

\
Click the **Create new API Key** button and you will see the view below:<br>

<figure><img src="https://1037371503-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa3NQDmelveCcQtL0yaFs%2Fuploads%2FzIsBnLyq7zHveLzGkq8s%2FZrzut%20ekranu%202023-07-06%20154258.png?alt=media&#x26;token=f70b7234-7b12-46d0-bd0e-fb2e23597544" alt=""><figcaption><p>Create new API key view</p></figcaption></figure>

**Once the window shows up:**

* Enter your API key's name
* Select API access scopes (determining what actions you can perform within the API - you choose All or select only the ones you need).
* Select the expiration date of your API key (we recommend changing the API key every 3 to 6 months).

Then click the **Confirm** button.&#x20;

{% hint style="info" %}
**Note:**

Once expired your API key will stop working. Remember to **create a new one in advance** to ensure your application continues to operate.
{% endhint %}

When created, your API key will be shown at the top of the section. Metadata about your API key will be added to the table below:

<figure><img src="https://1037371503-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa3NQDmelveCcQtL0yaFs%2Fuploads%2FrX7jACuUHp8DXb3P1y63%2FZrzut%20ekranu%202023-07-06%20091101.png?alt=media&#x26;token=4ee7f79f-b36a-46ec-9c9c-fbbbdffc11f2" alt=""><figcaption><p>Your new API key</p></figcaption></figure>

{% hint style="info" %}
**Note:**

Make sure you **save your API key** in a safe place right away as you won't be able to view it again.
{% endhint %}

\
You can also **delete** an API Key here by clicking the bin icon.

## API key structure

The value of the API key is split by a colon into what we call a **user** and a **pass**. Bear in mind that these credentials are not the same as your Workspace login data.

**Example:**

If your **API key** has the value *h12shadjada:13ehjhj1b3j* then the value for the **user** is *h12shadjada* and the value for the **pass** is *13ehjhj1b3j*.

## API Key  - Security Rules

To ensure the full security of your API keys as well as your credentials, we recommend you follow these best practices:

{% hint style="info" %}

* **Keep your API key and credentials confidential:** Treat your API key and credentials as sensitive information and avoid exposing them publicly or including them in source code repositories.
* **Use secure communication channels:** Always transmit the API key and credentials over HTTPS to prevent eavesdropping or interception.
* **Regularly rotate your API key and credentials:** For added security, consider rotating your API key and credentials periodically or whenever there is a potential compromise.
* **Restrict API key and credential permissions:** Limit the scope of the API key and credentials by providing only the necessary permissions required for your application.
* **Monitor API key and credential usage:** Keep track of API key and credential usage and set up alerts or notifications to identify any suspicious activity.<br>
  {% endhint %}

####

#### See next: