Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

Dev GuideAPI ReferenceUser Guide
HomeDev GuideRecipesAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
GitHubNuGetDev CommunityOptimizely AcademySubmit a ticket

API keys

Information on the API keys tab in the Optimizely CMS (SaaS) Settings.

Suggest Edits

API keys are used to request a token to authenticate with the CMS (SaaS) REST API.  To create an API key with code, see Create API Client.

You can add one or more keys if you have the name. Keys appear in the list at the bottom of the API Keys view.

  1. In your CMS (SaaS) instance, go to Settings > API Keys.

  2. Click Create API Key.

    • Address – The URL or endpoint where the API can be accessed. It is the location on the web where requests are sent to interact with the API.
    • Single key – A unique identifier that authenticates a client making a request to an API. It is often a token or string that grants access to the API's services or data, ensuring that only authorized users or applications can interact with the API.
    • App key – A publicly exposed string that is used by the server to identify the application making the request. The App key associates API requests with your application.
    • Secret – A secret known only to the application and the authorization server to authenticate the identity of the application to the authorization server when the application requests to access a protected resource. 
    • Impersonation – Select the dropdown to let the client act as the user authorized to access resources. Use this when you need the client application to perform actions on behalf of the user without the user being directly involved or present.

  1. Enter a Name and click Create API Key. The Name can only contain letters, numbers, hyphens, and underscores.

  2. (Optional) Select Impersonation. This lets the client act as the user authorized to access resources. Use this when you need the client application to perform actions on behalf of the user without the user being directly involved or present.

  3. The Client ID and Secret is auto-filled. Save these values.

    You can restrict what operations the API Key can execute. See the Authorization section.

Updated about 12 hours ago