Lime CRM provides API-keys for external systems to programmatically access and update the information stored within. An API-key can be created for any user but best practice dictates that each external system should get its own dedicated API user.
Using an API-key is straight forward:
curl -H "x-api-key: ABC123" https://example.com/my_app/api/v1
More information about working with the Lime CRM REST API is available in the CRM Docs WIKI.
- Each user can only have one API-key
- API-keys have no expiration date
- LISA and Lime Admin only allow the creation of API-keys for API users
Creating an API-key¶
In LISA or Lime Admin,
- Create a new user of type API
- Add the user to one or more groups
- Select the user and click 'Create API-key' in the toolbar
The API key cannot be retrieved again after this so make sure to store it in a secure location.
Treat the key as a secret since an API key in the wrong hands can cause great harm. Don't send it in an email, on Teams or anywhere else it could be leaked.
Giving API users too much permissions is a security risk, don't add them to groups they don't need to be in.
For exampe: if the integration don't require write permissions to a lime type create a new policy and group to only allow read.
Advanced Server Options¶
Configure the round number¶
The method responsible for creating the api key, requires rounds number to generate the key. Since a high value for the rounds in api-key-generator can lead to slow response time, a new configuration is provided for the admin users so that they can get the best performance. In the following sections we discuss how you can calculate this number and set it.
Note that the decreasing this number radically could lead to security violation.
All API-keys must be re-created after changing this setting
Calculate the round number¶
In order to calculate the best round number regarding the expected response time and based on the host machine hardware power, you can use the cli tool which provided here. This tool calculate the rounds number By providing the hash_name (in this case pbkdf2_sha256) and the target time (expected response time) in milliseconds.
Set the round number¶
To set this number, you only need to add the following key in the config.yml as shown in the following example:
authentication: api_key_rounds_no: 30000
This is a machine level configuration meaning that all the applications on the same machine share this number.