Authentication

Authentication for Ketryx API endpoints happens via API keys.

API keys can be configured at the organization level under Organization > API keys:

Each API key can have the following permissions, controlling what a caller using an API key can do with the API:

1. Create project: whether new projects can be created

2. Create version: whether new versions can be created

3. Delete project: whether projects can be deleted

4. Delete version: whether versions can be deleted

5. Get generated document: whether documents can be generated and downloaded

6. List projects: whether a list of projects can be retrieved

7. List versions: whether a list of versions can be retrieved

8. Manage project settings: whether project settings can be retrieved and changed

9. Report test results: whether new builds and test results can be reported to Ketryx projects

10. Retrieve release status: whether the release status of project versions can be checked

11. Get items: whether items and records can be retrieved from projects

12. Write items: whether items can be created or modified in projects (see documentation Item API | Create or update an item)

13. Get repository: whether repository information (e.g., dependencies, vulnerabilities) can be retrieved

14. List user groups: whether a list of user groups in the organization can be retrieved

Immediately after creating an API key, a secret token is displayed and can be copied and pasted into a secure location. This token can be used as the Authorization header in direct HTTP requests to the Ketryx API, in the following form:

API keys can also be used as the api-key parameter to the Ketryx GitHub Action.