User Guide: Admin Tab

Key Management

To secure communication between an organization and the BlueFletch data services, BlueFletch provides options for the organization to configure and manage API and device keys.

API keys are SHA-256 hashed token values of randomly-generated strings used to verify the identity of an organization communicating with the BlueFletch backend system. API keys can be managed in the BlueFletch Portal.

Device keys, also encrypted tokens, validate requests from BlueFletch applications making data service API calls. Device keys can be managed in the BlueFletch Portal.

An organization can choose to manage its keys actively in the Portal or passively through its legacy API key. By default, active key management is disabled, and an organization administrator can copy the Legacy API Key value statically listed in the settings on the Admin - Organization page into its API headers and/or bfChat configuration. Access your organization page on the BlueFletch Portal here to enter the Manage Organization settings.

By enabling Use Key Management within the Organization settings, an organization administrator with the Key Management role can generate and revoke API keys and device keys, and has the capability to configure key expiration, key rotation, and token expiration timeframes in the organization settings.