API Keys and Access
Learn how to create and manage API keys for programmatic access to MovaBase
API Keys and Access
MovaBase provides API keys that enable programmatic access to your translation projects. This guide covers creating, managing, and securing API keys for your applications and workflows.
Overview
NEEDS_MEDIA
API keys allow you to:
- Programmatic Access: Access translations via API without manual intervention
- Automation: Integrate translation management into CI/CD pipelines
- Third-Party Tools: Connect external tools and services
- Custom Workflows: Build custom scripts and integrations
- Secure Authentication: Token-based access control for your projects
API keys provide secure access to your project's translations without exposing your user credentials. Each key is scoped to a specific project and can be revoked at any time.
Understanding API Keys
What Are API Keys?
API keys are unique tokens that authenticate API requests to MovaBase. They serve as an alternative to user authentication when:
- Building automated workflows and scripts
- Integrating with external services and tools
- Implementing custom translation pipelines
- Accessing translations from backend applications
- Enabling CI/CD integration for translation updates
Key Features
| Feature | Description | Benefit |
|---|---|---|
| Project-Specific | Each key is tied to a single project | Isolates access to specific translations |
| One-Time Display | Keys are only shown once when created | Prevents accidental exposure |
| Revocable | Keys can be deleted at any time | Provides instant access control |
| Trackable | Shows creation and last-used dates | Monitor key usage |
| Named | Keys can have descriptive names | Easy identification and management |
API keys are sensitive credentials. Treat them like passwords and never share them publicly or commit them to version control.
Creating API Keys
Key Creation Process
Access the API Key Manager from your project settings to create new keys.
Managing API Keys
Viewing Existing Keys
The API Key Manager displays all active keys for your project.
Revoking API Keys
Remove keys that are no longer needed.
Security Best Practices
Key Storage
Store keys securely using environment variables or secret management services.
Using API Keys
Authentication
When making API requests, include your API key in the Authorization header with format: "Bearer your_api_key_here".
The Authorization header is the recommended authentication method for most API requests.
Troubleshooting
Common Issues
| Issue | Solution |
|---|---|
| Authentication Failed | Verify API key is correct and not revoked |
| Forbidden Access | Check user permissions on the project |
| Rate Limiting | Implement exponential backoff for retries |
Best Practices
- Plan Ahead: Determine key needs before creating them
- Create Multiple Keys: Use separate keys for different environments/tools
- Document Usage: Keep track of which systems use which keys
- Regular Rotation: Set a schedule for key rotation
- Immediate Revocation: Revoke compromised keys instantly
- Monitor Usage: Track "Last Used" dates regularly
- Clean Up: Remove unused keys to reduce risk
Next Steps
Now that you understand API keys and access control, you can:
- Configure User Roles: Set up team permissions and access levels
- Manage Profile Settings: Customize your account preferences and security
- Set Up Organizations: Create and manage organizational structure
- Explore Integration Options: Connect with external tools and services
Part 12 of 14 • API Keys and Access Complete
Next: User Roles and Permissions