API Authentication
Follow this process to authenticate API access securely in a SaaS tenant environment.
Step 1: Create an API Credential
- Open Settings -> API Access.
- Click Create Credential.
- Name the credential by owner and purpose.
- Assign least-privilege scopes.
- Save and securely store the value.
Step 2: Store Credential Safely
- Use a secrets manager.
- Never commit credentials to source control.
- Avoid sharing credentials across unrelated automations.
Step 3: Validate Access
curl "$CHYPER_API_BASE/projects" \
-H "Authorization: Bearer $CHYPER_API_KEY"
If the request fails, verify:
- Credential is active.
- Scope includes the requested resource.
- Request is sent to the correct base URL.
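One way to script the Step 3 check and map a failure to the three items above, as an added example that is not part of the original page or the vendor's tooling. It assumes the API follows standard HTTP status semantics (401, 403, 404) and that curl is 7.55 or later (for `-H @-`); the function names and file name are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the API returns standard HTTP
# statuses (401 bad credential, 403 missing scope, 404 wrong path).
# Usage (hypothetical file name): . ./validate_access.sh && validate_access

# Pre-flight: reject settings that would leak or mangle the key before sending it.
preflight() (
  base=$1 key=$2
  case $base in
    https://*) ;;
    *) echo "base URL must be https:// so the bearer token is not sent in clear"; exit 1 ;;
  esac
  [ -n "$key" ] || { echo "CHYPER_API_KEY is empty; load it from the secrets manager"; exit 1; }
  # Whitespace or a newline in the key usually means a bad copy of the stored value.
  case $key in
    *[[:space:]]*) echo "key contains whitespace; re-read the stored value"; exit 1 ;;
  esac
  echo ok
)

# Map the HTTP status of the validation request to the checks listed in Step 3.
diagnose() {
  case $1 in
    2??) echo "ok: credential is active and scoped for this resource" ;;
    401) echo "check credential: missing, inactive, or mistyped" ;;
    403) echo "check scope: credential is valid but lacks this resource" ;;
    404|000) echo "check base URL: wrong host or path, or host unreachable" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# Returns 0 on success, 1 on a failed request, 2 if pre-flight refused to send.
validate_access() {
  msg=$(preflight "$CHYPER_API_BASE" "$CHYPER_API_KEY") || { echo "$msg"; return 2; }
  # The header goes in on stdin (-H @-) from the printf builtin, so the key
  # never appears in another process's argument list.
  status=$(printf 'Authorization: Bearer %s\n' "$CHYPER_API_KEY" |
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 -H @- \
      "${CHYPER_API_BASE%/}/projects") || status=${status:-000}
  diagnose "$status"
  case $status in 2??) return 0 ;; *) return 1 ;; esac
}
```
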
Step 4: Rotate Credentials
- Create replacement credential.
- Update dependent services.
- Confirm successful requests.
- Revoke the old credential.
Step 5: Revoke on Risk Events
Immediately revoke credentials when:
- A token is exposed.
- Ownership changes.
- Unexpected activity is detected.
Scope Design Best Practices
- Split credentials by workload.
- Keep write scopes narrow.
- Separate sandbox and production credentials.
- Review scope assignments quarterly.