Infuse IoTInfuse Docs
DocsGuidesAPI ReferenceResourcesConsole
Get StartedAdmin CenterIoTDBMarketplaceAnalyticsConcepts
IAM & Access

API Tokens

Create API-key principals and issue credentials for backend integrations.

API tokens are credentials issued to API-key principals. Use them for backend integrations that need to call Infuse APIs without a signed-in user.

Create and manage API-key principals from Access > API Keys.

Current Infuse IoT token limitation: API-key credentials issued here do not currently work with Infuse IoT APIs. Infuse IoT still uses legacy organisation-level admin tokens from /admin/developer.

Which Token to Use

NeedUse
Manage IAM API-key principals and role assignments in the tenant consoleAccess > API Keys
Authenticate current Infuse IoT API callsLegacy organisation-level admin token from /admin/developer
Exchange an IAM API key for a short-lived bearer tokenPOST /iam/auth/token, where supported by the API you are calling

The /admin/developer page is a legacy developer key flow. It exposes the linked Infuse IoT organisation id and the Infuse IoT admin API key used by current Infuse IoT API flows.

For API-led device onboarding with this credential model, see Infuse IoT Provisioning and Connect an IoT Device.

Create an API-Key Principal

  1. Open Access > API Keys.
  2. Select Create API key.
  3. Enter a display name for the integration.
  4. Choose the principal status.
  5. Add an optional expiry date.
  6. Create the principal.

The principal belongs to the current organisation.

Principal statuses are:

  • Active for credentials that can authenticate,
  • Suspended for principals that should not authenticate temporarily,
  • Revoked for principals that should no longer be used.

Issue a Credential

  1. Open the API-key principal.
  2. Select Issue API key.
  3. Enter a credential name.
  4. Add an optional expiry date.
  5. Create the credential.

The generated API key is shown once. Store it immediately in a server-side secret manager.

API keys use this format:

ik_<keyId>.<keySecret>

Do not use this IAM API-key value for current Infuse IoT API calls. Use the legacy organisation-level admin token from /admin/developer until Infuse IoT supports IAM-issued credentials.

Assign Access

API-key principals need role assignments before they can call protected APIs.

  1. Open the API-key principal.
  2. In Role assignments, choose a role that supports ApiKey principals.
  3. Save the assignment.

The role must be available to the current organisation and support API-key principals.

Revoke a Credential

Open the API-key principal and revoke the credential from the active credentials list.

Revoking a credential stops that credential from authenticating. It does not delete the API-key principal or remove other credentials issued to the same principal.

Do not expose API tokens in browser code, mobile apps, public repositories, or customer-visible examples.

Service Accounts

Understand API-managed service-account principals.

Token Exchange

Exchange API keys for short-lived bearer tokens used by secure server-side Infuse API integrations.