Bramble

Bramble verifies your API requests through your account's API keys. Should a request fail to include a valid key, Bramble flags with an authentication error.

You can use the <a href="https://support.brmbl.io/en/articles/8868473-bramble-connector-home">Bramble Connector</a> to create, copy, and revoke API

keys. To access your v1 API keys, select the API Keys tab in the top right of the Bramble Connector.

If you use Bramble through a third-party platform, give the platform your API

keys so it can process requests on behalf of your account. 

___________________________________________________________

Anyone can use your secret API key to make any API call on behalf of

your account, such as creating <a href="https://support.brmbl.io/en/articles/6963808-the-check-in-screen">check-ins </a>or updating your workflow inventory.

Keep your keys safe by following these best practices:

Grant access only to those who need it.

Don’t store keys in a version control system.

Control access to keys with a password manager or secrets management service.

Don’t embed a key where it could be exposed to an attacker, such as in a mobile application.

- Grant access only to those who need it.
- Don’t store keys in a version control system.
- Control access to keys with a password manager or secrets management service.
- Don’t embed a key where it could be exposed to an attacker, such as in a mobile application.

For security, Bramble only shows you a secret or restricted API key once, upon creation. Store the key in a safe place where you won’t lose it. If you lose the key, you can 'revoke and delete it' and create another. 

You can't reveal a secret key that you created

When you create an API key, the value is displayed before you save it. You must copy the value before saving it, because you can’t reveal it later.  

If you delete a key, any code that uses that key can no longer make API calls.

Create a new key and update the code to use it.

In the row for the key you want to disable, click Edit, then select `Revoke`.

The window displays a confirmation. Revoke it by clicking it.

1. Open the API keys page.
2. In the row for the key you want to disable, click Edit, then select `Revoke`.
3. The window displays a confirmation. Revoke it by clicking it.

Enter a name in the Key name field.

Optionally change the contact email address for this key.

The window displays the new key value. Copy it by clicking it.

Save the key value. You can’t retrieve it later.

1. Open the API keys page.
2. Click Create/New API Key.
3. Enter a name in the Key name field.
4. Optionally set an expiry date
5. Optionally change the contact email address for this key.
6. Click Create.
7. The window displays the new key value. Copy it by clicking it.
8. Save the key value. You can’t retrieve it later.

To make an authenticated request to our API, follow our <a href="https://developers.brmbl.io/#authentication" rel="nofollow noopener noreferrer" target="_blank">Authentication guide in our developer documentation</a>.

Keep your keys safe

Reveal a secret or restricted API key

You can't reveal a secret key that you created

To revoke/delete an API key:

Create a secret API key

To use an API key