The LifeOmic platform allows its users to create and manage API Keys that can be used by applications to access the LifeOmic API. Instead of having to do the normal authentication process of entering in user credentials, an API Key can be supplied instead that acts on behalf of the user and provides the same level of access within the account.
Setting up API Keys¶
Go to https://apps.us.lifeomic.com to access the PHC.
Click on the account name in the header.
If you belong to only a single account, you'll be taken directly to the Account Management page. If you belong to more than one account, a dialog similar to the one below will appear. Find the account you'd like to manage from the list and click the "Manage" button.
Select the "API Keys" navigation option.
From the "API Keys" view you can see the list of any current API keys you have created. Every API Key has an expiration date. Once a key has expired it can no longer be used. This is in place to encourage users to rotate their keys on a regular schedule. From this same view, you can also delete an API key which will immediately make it no longer usable. This should be performed only if your key has been compromised or you no longer wish to use it.
To create an API Key, click the "ADD" button in the upper right corner. Then, create a name for the key and input the number of days before the key will expire (min 1, max 365). Click the "ADD" button to continue.
After the key is created, a dialog will open showing the value of the key. It is important to note that this will be the only time you will be able to get the key value. At this time you need to be prepared to store the API key in a secure location. The dialog has a copy to clipboard button to make it easy to get the value. You are now ready to use the API key to access the LifeOmic API. Also, remember API keys can be revoked on demand (see step 3).
As a best practice, we recommend that users of API keys should rotate their API keys on a regular basis. To ensure this, all API keys have a required expiration field (min 1 day, max 365 days). It is recommended you determine the rotation interval that works best for your use-case.
Because API keys tend to spread into code repositories or unnecessary locations during active development (e.g. docker containers), optimizing the continuous delivery pipeline to handle API key rotation will ensure this process is streamlined.