Q1. What is an API key in Jaz, and what does it do?
An API key in Jaz is a secure credential that lets external systems access your org’s data. This is ideal for developers integrating Jaz with other tools.
Q2. Where can I manage API keys?
Go to Settings > Access Management > API Keys
From the API Keys tab, you can generate new keys, assign roles, view masked keys, and manage access.
Q3. How secure are API keys in Jaz?
Jaz securely generates, hashes, and stores API keys.
The full key is shown only once during creation and won’t be fully visible again. After that, only masked previews are visible for security.
Q4. What happens when I create an API key? What does “created by” mean in the API?
Creating an API key also creates a linked shadow user with a placeholder email to represent the key in your organization’s permissions. Shadow users cannot access the UI.
Q5. Can I control API key permissions?
Yes. You assign roles and permissions to API keys the same way you do for regular users. This ensures that keys only have access to the data and actions they need.
Q6. Can API key users log in to the app?
No. API key accounts are restricted from UI access. They cannot log in to your account and are intended strictly for API use.
Q7. How are API keys displayed in Jaz?
In the API Keys tab, each key is shown with:
A masked preview of the key
The assigned role and permissions
The linked shadow user email
Creation date and created by info
Full key details are never retrievable again after creation. This keeps the key secure.
Q8. What happens if I lose an API key?
If the full key is lost, you’ll need to generate a new one. For security, Jaz does not store or display the full key after it’s first shown.
Q9. Who can manage API keys (create, edit, delete)?
Only users with User Access Management permission can create, edit, or delete API keys.
Q10. What happens when an API key is deleted?
Deleting an API key also removes its linked user and organization user records.
Q11. How does authentication work with API keys?
The backend supports authentication using existing JWT tokens, which are securely passed through request headers.