IndyKite Developer Hub logo
Back to all guides
Environment

Credentials, Tokens and API URLs

What credentials, tokens and URLs are needed for the IndyKite platform.

This page is explains the essential information required to access and integrate with our platform. You'll find everything needed to authenticate your requests, secure your data, and connect your applications.

What You Will Find Here

The three core components on this page are:

  1. Credentials (Service Account credentials, AppAgent credentials): These unique identifiers verify your application or user identity. They contain a token used to initiate the authorization process.
  1. Access Tokens (Bearer Tokens): These are generated after successful authentication and grant you permission to access specific resources for a limited time.
  1. API URLs (Endpoints): These are the specific addresses you will send your requests to. They define the location and structure of the service you want to interact with, organized by region.

Credentials

ServiceAccount credentials

Service Account (SA) credentials are needed to interact with the Config API.

To create your first Service Account (SA) credentials, go to the UI HUB at the Organization level: first, create the SA, and then create the credentials for it.

The next SA credentials can also be created in the REST API (https://openapi.indykite.com/api-documentation-config#tag/default/post/service-accounts).

The SA credentials are a single file containing the endpoint, JWK information, and a Bearer token.

How to use with REST Config API:

In the Authorization header, set the Auth type to Bearer Token and the Token value to the token found in your Service Account (SA) credentials file (with "Bearer " in front of it).

The Config API endpoints are defined here: https://openapi.indykite.com/api-documentation-config

How to use with the Terraform plugin:

You will export one of the following environment variables:

export INDYKITE_SERVICE_ACCOUNT_CREDENTIALS_FILE=link-to-the-service-account-credentials

Or export INDYKITE_SERVICE_ACCOUNT_CREDENTIALS=content-of-service-account-credentials

You will find a guide to start with Terraform here: https://developer.indykite.com/guides/guide-terraform

AppAgent credentials

AppAgent credentials are needed to interact with all the APIs except the Config API: Authorization, Capture, ContXIQ, EntityMatching.

AppAgent credentials are defined at the Project level.

To create AppAgent credentials, you can go to the UI HUB, use REST Config API or the Terraform plugin: first, create an Application, then an Application Agent, and finally the credentials for it.

Example using the REST endpoints: https://developer.indykite.com/resources/environment-1

Example using the Terraform plugin: https://developer.indykite.com/guides/guide-terraform

How to use with REST Config API:

In the Authorization header, set the Auth type to APIKey, Name: X-IK-ClientKey and the Value: Token found in your AppAgent credentials file.

For the deprecated endpoints, in the Authorization header, set the Auth type to Bearer Token, and the Token: token found in your AppAgent credentials file (without "Bearer " in front of it).

The REST API endpoints are defined here: https://openapi.indykite.com/

_Application node

When a new Application with new credentials is created, an _Application node is created in the Graph database.

You can use the _Application node as an authenticated subject in the ContXIQ API: https://developer.indykite.com/guides/guide-contx-iq

User Access token

A user access token is typically created by an Authorization Server as part of the OAuth 2.0 authorization framework, which allows a third-party application (the client →IndyKite platform) to access protected user resources on a Resource Server (like an API) without ever getting the user's password.

The token contains information (often called claims or scopes) about the user's identity, privileges, and the specific actions (like read, write, or delete) they're permitted to perform.

Access tokens enable fine-grained authorization, ensuring a user only receives access to the precise scopes and data they are permitted.

They are used in KBAC / AuthZEN queries and ContXIQ execution queries.

In REST, user Access Tokens are sent in Headers: key:Authorization, value:Bearer token.

There are examples in https://developer.indykite.com/resources.

User access tokens are introspected to verify their validity.

For this introspection, you need to create a Token Introspect configuration in the Config API: https://developer.indykite.com/guides/guide-token-introspect.

REST configuration: https://openapi.indykite.com/api-documentation-config#tag/default/post/token-introspects

API URLs

EU url to connect to the REST APIs: https://eu.api.indykite.com

US url to connect to the REST APIs: https://us.api.indykite.com

⚠️ Security is Critical

Treat all information on this page as highly sensitive.

  • Never expose your Credentials or Tokens in public code repositories, client-side code, or application logs.
  • Use secure methods (like environment variables or secure vault services) to store them.
  • If you believe a credential or token has been compromised, use the management tools provided to immediately revoke it and generate a new one.