To access Potion APIs you need to use API Keys. They ensure that you have the right to make API Calls. You can create as many API Keys as necessary.
API_KEY and API_SECRET
API_KEY and API_SECRET grant you access to all your project data and all API endpoints.
We advice you to use them only behing a backend server and not directly from browsers.
For security reasons and as we count API calls, it is strongly recommmended to respect that rule but you can still do whatever matches your needs.
There is some exceptions to that, some API Calls only requires your API_KEY and you can use them in your frontend application directly as the data exposed will not be private nor impactful on your project configuration. Still, be careful if you don't restrict your key usage as everyone could make API Calls on these endpoints.
API Keys usage limitation
By default, a key pair can be used without any restriction. But if you want to limit its usage, you can add a domain restriction to any of you keys in your administration interface.
We are currently working on a mobile app restriction to limit usage to your applications only
Revoke a key
One of the main usages of multiple API keys is that you can make key pairs for your partners to give them access to your project APIs. As time flies, some keys may be obsolete. You can revoke them in your administration interface to make them unusable.