Knowledge Base

Marketing Cloud

API Keys

An Introduction to API Keys

An Application Programming Interface (API) key acts as an intermediary or terminal that assists in the development of software architecture and defines how pieces of software code should interact with each other. Developers widely utilize them in building modern cloud applications, Internet-of-Things (IoT) devices, and websites that not only gather and analyze data but also allow users to input information.

📋 Important Note:

To make any API request through URL, users need to add the API Key in the request headers. Add the “ApiKey <your_api_key>” credential in the Value section, pointing towards the Header field in all URL requests.

api11(1).png

To learn more about Maropost’s open API guidelines, read our RESTful Framework-based API catalog articles.

Creating an API Key

To access this page, click on your user name profile and select Settings.
Choose API Keys under the Connections section.
From the API Keys index page, you can create, edit, delete, and manage your API licenses. To insert a new API Key, click on Add Key.
In the API slider, enter a name (max character limit: 32) to denote your respective API Keys.
Next, add a trustworthy IPv4-type IP address and whitelist it to enhance the API Key’s protection. When IPv4 addresses are entered, along with the API key, it restricts the access for any IP addresses (apart from those which are whitelisted) for:
- Any API calls made to api.maropost.com using that API key.
- Any API calls made to rdb.maropost.com using that API key.
- Direct access to that account's Relational DB (using the API key's name and value as user_name and password respectively for Mysql).
At most, you can add 50 IP addresses in a whitelist per API Key. Although it’s an optional feature, we highly recommend it for safety reasons.
Assign API privileges to your keys, so it can interact with various Maropost modules whenever an API call is triggered. Finally, click Save to apply the changes made.
An API Key is generated. Prefer to either copy the API token to your clipboard or download the pdf file that contains the keycode from the dialog box.
📋 Important Note:
Do take care to retrieve your API Keys from your account since, for security concerns, they won’t be available once you close the dialog box.

The new API Key gets displayed on the index page.

Managing API Keys

Maropost allows multiple API Keys to be added per account. Once created, all keys can be viewed on the index page, displaying their names, masked keys, and creation dates, with the most recently created keys listed first.

The Actions tab consists of two options:

Edit Key: This enables you to edit the name, IPv4 type address, and access rights.
Delete Key: This allows you to discard the API token from the system.

What is the purpose of whitelisting an IP address?

IP whitelisting is a cybersecurity practice that prohibits unauthorized users from accessing the network. When a user initiates an API call, Maropost can provide access to its server and software tools to specific IP applications or websites that have been granted permission by the user through whitelisting.

There are two scenarios pertaining to IP screening in the Maropost network:

If an IP checklist is maintained by the user, Maropost will only respond to requests from the listed IPs that are whitelisted, the rest will be blocked.
API Keys not having any whitelisted IPs can communicate with all other IP addresses in the server.

In contrast to blacklisting, which denies access to a specific list of applications and IP addresses, whitelisting restricts any IP address or website that isn't mentioned on the network administrator's list. Hence, whitelisting is regarded to have a default-deny approach, whereas blacklisting is considered a default-allow one.