Overview

Back in December 2021, we announced that the mechanism for API keys would be changing.

In summary, API keys would no longer be generated automatically for every user, so new API keys must be generated on demand. Additionally, these new API keys must be passed using the OAuth 2.0 Bearer token format. For full details, please see the previous New API Key Management announcement.

These changes were implemented on 13th January 2022, with the old API keys remaining valid for a year.

Therefore, this is to remind everyone that the old API key mechanism will be removed in January 2023!

Who will be affected?

Any user or integration that still uses an old API key to communicate with the Alloy APIs.

Details

As of the release date below, old API keys that were created before 13th January 2022 will no longer be valid.

Additionally, the /api/user/me endpoint (Swagger/ReDoc) will no longer include the old apiKey property in its responses.

To learn about the new endpoints for managing API keys, please see the previous New API Key Management announcement.

How can I check my API key?

The simplest way to check if your API key is "old" or "new" is to consult your code. Does it pass the API key in the OAuth 2.0 Bearer token format (RFC 6750)? If so, your API key is new!

Alternatively, you can use the GET /api/user/me endpoint (Swagger/ReDoc) before the release date to return information about the currently logged in user. If your API key matches the value of the depreciated apiKey property in the returned user, your API key is old.

If in doubt, we recommend using the POST /api/api-key endpoint (Swagger/ReDoc) to create a new API key.

Mesh Users

If you have any workflows that use a Call Mesh action, your Alloy customer project will need updating with a new API key. We've been reaching out to customers we believe to be affected by this, but if in doubt, please contact Support to request this.

Expected Release Date

26th January 2023 as part of the Alloy v2.43 release.