Je hebt Javascript nodig om deze website te kunnen gebruiken. Pas je browserinstellingen in om verder te gaan!
Authentication

Key management

Create, rotate, revoke, and securely manage the API keys assigned to your education region.

Learn how to create new API keys or rotate your keys.

This guide explains how to manage API keys for your region. You can create new keys, rotate existing ones, and safely revoke keys that are no longer needed. You can use any of your existing API keys to do so.

API keys are always scoped to a region. To manage keys, you must first know your region’s internal identifier.

Determining your region ID

Before managing API keys, retrieve your region details using the authenticated region endpoint:

GET /auth/regions/me

This endpoint returns information about the currently authenticated region, including its internal id. You will use this id when creating or deleting API keys.

Creating a new API key

To create a new API key for a region, use:

POST /auth/region/api-keys

The full API key is returned only once. Afterwards, only a short, non-sensitive preview is available. Copy and store the key securely immediately.

Provide a description to document the key’s purpose, such as “CRM integration” or “Sandbox testing”.

Listing existing API keys

API keys associated with a region are returned as part of the region object. You can inspect existing keys by calling:

GET /auth/regions/me

The response includes all API keys for the region, each with:

  • An internal key ID
  • A token preview
  • Metadata such as creation and update timestamps

The full secret value is never returned for existing keys.

Rotating API keys

API keys do not expire automatically. To rotate a key safely:

Create a new API key

Keep the existing key active while you prepare the change.

Update your integration

Deploy the new key to every system that uses the old one.

Verify the integration

Confirm that requests authenticate successfully.

Revoke the old key

Delete the old key only after verification is complete.

This approach avoids downtime and allows gradual rollout across multiple systems.

Deleting an API key

To revoke an API key, use:

DELETE /auth/region/api-keys/{id}

Where:

{id} is the internal identifier of the API key.

Deletion is prevented if the key is the only remaining API key for the region. Each region must always have at least one active API key.

Best practices

  • Create separate API keys per integration or environment.
  • Use clear descriptions to document each key’s purpose.
  • Store API keys securely and never commit them to source control.
  • Rotate keys periodically or immediately if you suspect compromise.
  • Use the sandbox environment for testing whenever possible.

Keep in touch with the latest

Sign up for our monthly deep dives - straight to your inbox.