API Management
Setting Up API Keys
An API key is a unique identifier used to authenticate an application or user's identity, typically used to control access to an API. API keys are commonly used in systems to restrict and track the usage of APIs, ensuring that only authorized users or services can access the relevant resources.
Step 1: Authentication and Authorization
-
Go to https://xm-opt.com and register for an XMO account.
-
Set up a password using your phone number/email, and complete the registration process.
-
Click on the personal center to access API management.
Step 2: Generating API Keys
Click on "Create a new API key" to generate your API key. Your new key will be displayed; click the button to copy the API key and save it securely.
Step 3: Verifying/Deploying API Keys
When an application requests API services, the API key is typically passed to the API server as a request header or URL parameter for authentication.
Revoking and Replacing API Keys
-
Revoking a key: If you believe an API key is no longer needed or has been compromised, you can revoke the key using the management tool.
-
Replacing a key: During key rotation, you can generate a new key, test it, and then revoke the old key.
- Treat your API key like a password; keep it confidential and secure!
- It is advisable to regularly update your API key (e.g., every 3-6 months) to reduce the risk of key exposure.
- When rotating keys, ensure that the new and old keys can coexist for a period to facilitate a smooth transition for applications.
API Monitoring and Logging
On the https://xm-opt.com official website, under the personal center - call monitoring page, we monitor the usage of API keys, recording details such as request time, source, IP address, etc., to identify potential misuse.
If your API calls exceed the agreed limits or exhibit extremely abnormal API usage behavior, we will take timely actions (such as revoking keys).