API Keys

Create and manage API keys for programmatic access to the Yipii IoT API

API keys provide a simple way to authenticate with the Yipii IoT API. Each key is a long-lived Bearer token that can be used directly in API requests without the OAuth2 client credentials flow.

When to Use API Keys

API keys are ideal when you need a straightforward token without managing OAuth2 client IDs and secrets.

Creating an API Key

Step 1: Navigate to API Access

Open the API Access tab from the user menu or navigate to Settings and select the API Access tab.

The API Access page provides quick links to the User Guide and API Reference, along with the API key management section.

Step 2: Create a New Key

Click Create API Key to open the creation dialog. Enter a descriptive name that helps you identify the key's purpose later (e.g., "Reporting Integration", "Fleet Dashboard", "CI Pipeline").

Step 3: Copy Your Key

After creation, your API key is displayed once. Copy it immediately and store it securely — you will not be able to view it again.

Using Your API Key

API keys work as Bearer tokens. Include them in the Authorization header of all API requests:

cURL

curl -X GET "https://api.yipii.io/api/{account_key}/asset" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

JavaScript

const API_KEY = process.env.YIPII_API_KEY;
const ACCOUNT_KEY = 'your-account-key';
 
const response = await fetch(
  `https://api.yipii.io/api/${ACCOUNT_KEY}/asset`,
  {
    headers: {
      'Authorization': `Bearer ${API_KEY}`,
      'Accept': 'application/json',
    },
  }
);
 
const data = await response.json();
console.log(data);

Python

import requests
import os
 
api_key = os.environ['YIPII_API_KEY']
account_key = 'your-account-key'
 
response = requests.get(
    f'https://api.yipii.io/api/{account_key}/asset',
    headers={
        'Authorization': f'Bearer {api_key}',
        'Accept': 'application/json',
    }
)
 
data = response.json()
print(data)

Managing Keys

Viewing Your Keys

All active API keys are listed in the API Access tab, showing the key name, creation date, and expiration.

Revoking a Key

To revoke a key, click the delete icon next to it. A confirmation dialog ensures you don't accidentally revoke an active key.

API Endpoints

You can also manage API keys programmatically:

Create Key via API

curl -X POST "https://api.yipii.io/api/{account_key}/api-keys" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Integration Key"}'

Response:

{
  "id": "abc123",
  "name": "My Integration Key",
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOi...",
  "expires_at": "2027-02-08T00:00:00Z"
}

List Keys

curl -X GET "https://api.yipii.io/api/{account_key}/api-keys" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Revoke Key

curl -X DELETE "https://api.yipii.io/api/{account_key}/api-keys/{key_id}" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Security Best Practices

1. Never commit keys to source control — Use environment variables or a secrets manager
2. Use descriptive names — Name keys after their purpose so you know what to revoke
3. Rotate periodically — Create new keys and revoke old ones on a regular schedule
4. Revoke unused keys — If a key is no longer needed, revoke it immediately
5. One key per integration — Use separate keys for each service or environment

Environment Variable Example

# .env file (never commit this!)
YIPII_API_KEY=your_api_key_here
YIPII_ACCOUNT_KEY=your_account_key

// Load from environment
const apiKey = process.env.YIPII_API_KEY;

Next Steps

• Authentication — OAuth2 client credentials flow
• Quick Start Examples — Common API usage patterns
• IoT-BE API Reference — Full API documentation