Admins and Owners can perform API key actions from the API Key section. All API key operations are recorded in the audit log and available via Reports.
- Navigate to Dev in your Liminal Vaults web dashboard.
- In the API Key section, click the ⋮ Actions menu to the right of the row of the key you want to manage.
- Follow the steps in the guide to whitelist an address, disable/enable, rotate, and delete a key.
Whitelist Address per Key
You can restrict API key usage to specific IP addresses using whitelisting, ensuring that only calls from approved, trusted sources can access your environment. For each API key, you can add both a Source IP and an Express Server IP to the whitelist. If a request originates from an IP address that is not whitelisted, it is blocked, even if the API key is valid. You can whitelist the following IP address types:
- Source IP: The IP address of the client machine from which the request originates and is sent to the Liminal Express service.
- Express Server IP: The IP address of the container hosting the Docker image of Liminal Express.
Add Address
Follow the steps to add and whitelist addresses:
- Select IP Whitelist to open the IP Whitelist pop-up.
- In the Source tab:
  - Enter the IP Address (IPv4) and CIDR (subnet mask) to specify the source address.
  - Click Add.
  - Enter the 2FA authorisation code to verify. Once verified, the source address is successfully added to the whitelist.
  - Click Ok to close the success pop-up. You will receive a notification at your registered email address confirming the same. The address is added to the list of whitelisted IP addresses in the Source tab.
- Switch to the Express tab:
  - Enter the IP Address (IPv4) and CIDR (subnet mask) to specify the Liminal Express server IP address.
  - Click Add.
  - Enter the authorisation code sent to your registered address to complete the verification. Once verified, the Liminal Express address is successfully added to the whitelist.
  - Click Ok to close the success pop-up.
  - You will receive a notification at your registered email address confirming the same. The address is added to the list of whitelisted IP addresses in the Express tab.
Disable/Re-enable Address
You can disable a Source or Express IP address from the whitelist to temporarily block API key access from that location. This is useful if an IP is no longer trusted, or you want to pause access without deleting it. You can enable a previously disabled IP address to restore API key access from that location. This allows trusted IPs to resume calling your APIs without creating a new key.
To disable and re-enable a Source or Express IP address, follow the steps below:
- Navigate to Dev in your Liminal Vaults dashboard.
- Select IP Whitelist from the ⋮ Actions icon of the active API key to open the IP Whitelist pop-up.
- Disable IP address:
  - Click Disable next to the required source IP address in the list in the Source tab. Similarly, click Disable next to the required Express IP address in the list in the Express tab.
  - Click Disable again to confirm.
  - Enter the required verification code sent to your email address. Once the action is successful, click Ok to close the pop-up.
- Enable IP address:
  - Click Enable to re-enable a disabled source IP address in the list in the Source tab. Similarly, click Enable to re-enable a disabled Express IP address in the list in the Express tab.
  - Click Enable again to confirm.
  - Enter the required verification code sent to your email address.
  - Click Ok to close the pop-up once the action is successful.
You will receive a notification at your registered email address whenever you disable an IP address or enable a disabled one, confirming the same. The action is reflected in the list of whitelisted IP addresses in the Source and Express tabs of the IP Whitelist pop-up.
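A pre-flight check you can run on planned whitelist rows before typing them into the pop-up, as an added example that is not Liminal's code and does not call any Liminal API. It assumes a row is matched as the CIDR network containing the typed address and that a disabled row grants nothing; `audit_entry`, `is_allowed`, `BROAD_PREFIX` and the sample rows are hypothetical names and constructed data.

```python
import ipaddress

# Assumption (not from the product docs): prefixes shorter than /24 are
# flagged for review. Adjust to your own policy.
BROAD_PREFIX = 24

def audit_entry(ip_text, cidr):
    """Check one IP Address (IPv4) + CIDR pair as it would be typed in.

    Returns (network, findings); network is None when the pair is invalid.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ip_text}/{cidr}")
    except ValueError as exc:  # covers a bad address and a bad prefix
        return None, [f"invalid IPv4/CIDR: {exc}"]
    net, findings = iface.network, []
    if iface.ip != net.network_address:
        findings.append(f"host bits set: entry covers all of {net}")
    if net.prefixlen < BROAD_PREFIX:
        findings.append(f"broad range: {net.num_addresses} addresses")
    return net, findings

def is_allowed(request_ip, entries):
    """True when an enabled, valid entry contains request_ip."""
    addr = ipaddress.IPv4Address(request_ip)
    for entry in entries:
        net, _ = audit_entry(entry["ip"], entry["cidr"])
        if net is not None and entry["enabled"] and addr in net:
            return True
    return False

# Constructed sample list (documentation address ranges), standing in for
# the rows of one tab of the IP Whitelist pop-up.
SOURCE_TAB = [
    {"ip": "203.0.113.10", "cidr": 32, "enabled": True},
    {"ip": "198.51.100.77", "cidr": 24, "enabled": False},  # disabled row
    {"ip": "192.0.2.0", "cidr": 16, "enabled": True},       # too broad
]

if __name__ == "__main__":
    for row in SOURCE_TAB:
        print(row, audit_entry(row["ip"], row["cidr"])[1])
    for ip in ("203.0.113.10", "198.51.100.5", "192.0.99.1"):
        print(ip, "allowed" if is_allowed(ip, SOURCE_TAB) else "blocked")
```

The third sample row shows why the review matters: a /16 typed as a convenience admits 65,536 addresses, so a leaked key is usable from far more locations than intended.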
Rotating API Keys
Rotating an API key revokes it and replaces it with an active key so you can continue using it securely. It is a security best practice that minimizes the risk of long-term exposure in case a key is leaked. You can rotate your active API key before it expires to continue using it.
When to rotate the key:
- When you want to update an active key’s expiry date.
- When you want to maintain security.
Tip
Schedule periodic key rotations to maintain security.
Follow the steps below:
- Select the Rotate key option from the ⋮ Actions icon of the active API key.
- Select the expiry date from the calendar.
- Click the Rotate API key button.
- Liminal Vaults requires a verification code sent to your registered email address. Check the code in your one-time password app, enter it, and click Continue.
- Click Download client ID and secret to download your API key values. Store them securely; you cannot retrieve them later.
- Before finishing up, we recommend specifying the source and express IP addresses you want to whitelist for your current IP address. Select Click here to navigate to the IP Whitelist panel.
Follow the steps in the Whitelist Address per Key section to whitelist IP addresses for enhanced security.
Disabling/Enabling API Key
Disabling an API key temporarily prevents it from being used without deleting it permanently. Disable a key when investigating suspicious activity or pausing usage for maintenance. A disabled key will have a red dot to mark its disabled status.
You can enable a previously disabled IP address to restore API key access to Liminal Express and start making API calls. This allows trusted IPs to resume calling your APIs without creating a new key.
Tip
Use disable/enable as a quick control for incident response, such as a security breach, unauthorized use, or changes in your organisational requirements.
Disable API Key
To disable an API key, follow the steps below:
- Select Disable API key from the ⋮ Actions icon of the active API key.
- Click Yes, Disable to confirm.
- Enter the 2FA authorisation code to verify.
- Click Ok to confirm the success pop-up.
Enable Disabled API Key
To enable an API key, follow the steps below:
- Select Enable API key from the ⋮ Actions icon of the active API key.
- Click Yes, Enable to confirm.
- Enter the authorisation code sent to your registered email address.
- Click Ok to confirm the success pop-up.
You will receive a notification at your registered email address whenever you disable an API key. It is also updated in the API list of the Liminal Vaults developer dashboard.
Deleting API Keys
Deleting an API key permanently removes access for that credential, and you cannot use it any longer. Unlike disabling, deletion cannot be reversed. Only delete keys that are no longer in use and have been removed from all integrated applications.
Tip
Ensure there are no impacting changes before deleting the API key.
Follow the steps below:
- Select Delete API key from the ⋮ Actions icon of the active API key.
- Click Delete Key to confirm.
- Enter the authorisation code sent to your registered email address.
- Click Ok to confirm the success pop-up.
You will receive a notification at your registered email address whenever you delete an API key. It is also updated in the API list of the Liminal Vaults developer dashboard.
