API Key management

The API Key is a string token that can be used to access the Planning Space Web API. It is intended to be used for Planning Space automation tasks, and for access to the OData API (e.g., for OData API access from an external data analysis tool, such as Excel or Tibco Spotfire).

The process to generate an API key is explained in the Planning Space User Manual (Generate API Key).

Important: The API key value is not stored in the Planning Space tenant, for reasons of security. If the information is lost, the user must herself generate a replacement key by re-visiting the 'Generate API Key' website page. API keys should be controlled within your organisation in line with organisational IT policies. Tenant administrators can disable the API access of single user accounts, or disable API access for all users.

Security role 'API Key'

A user account must be granted the role 'Security/API Key' (see Tenant roles) to be able to access the 'Generate API key' function, and to use an API key to access the Planning Space APIs.

If the role is withdrawn, the loss of API access is immediate.

API key expiry

For version 16.5 Update 7 and later: API keys can be set to expire after a specific number of days, based on the IPS Service setting 'API Key Lifetime' (see Service configuration). The same setting will apply across all tenants.

The default setting is that expiry is disabled and API keys will have unlimited validity (this provides backward-compatibility with earlier versions of Planning Space). Otherwise, a number of days can be set between 0 and 366 days; fractional days may be specified.

Changing the setting does not affect the expiry date (or unlimited status) of existing API keys. The new setting will apply to API keys that are generated after the change has been made.

Planning Space tenant web: Generate API Key

The 'Generate API key' function is part of the Planning Space tenant home web interface. The user who needs the API key should log in to the web interface; their account must be granted the 'Security/API key' role before the login. It is not possible for Administrators to generate a key on behalf of a user; and keys are never stored in the Planning Space tenant data.

For detailed instructions, see the Planning Space User Manual (Generate API Key).

'AllowedApiKeyNames' setting

When the API key is used, it is presented to the API as an authentication password, combined with a particular username (which is not an actual username, since it is shared by all users).

The allowed username strings are 'FeedKey' and 'Account Key'. These are the default values for the IPS service setting 'AllowedApiKeyNames', which can be changed by the IPS Administrator (see Service configuration). Setting the username list to a blank value will block the use of API keys for all users.