Version: 2.0

Types of API Keys

Vectara provides a comprehensive authorization system that accommodates a wide range of use cases and caters to different development and deployment environments. Your Generative AI journey may be in the early stages of exploration and prototyping, or in a more advanced production deployment. Our advanced authentication system includes Personal API Keys, Index and Query API Keys, and OAuth 2.0 Tokens.

Personal API Keys

Personal API Keys help developers in the early stages of exploration and prototyping with Vectara. This method provides a straightforward getting-started experience for integrating accounts with external applications without the complexity of OAuth authentication. You can use Personal API Keys when putting together a quick prototype or if you are working on an integration that does not yet support OAuth 2.0.

Personal API Keys let you perform tasks including creating, deleting, and listing corpora, managing API keys for accessible corpora, reading usage data, updating corpora filters, executing queries, and indexing.

Caution: A Personal API Key inherits the permissions of the user account it is associated with. For instance, a key generated by a billing admin will possess only billing admin-related permissions. Because of their broad access, treat Personal API Keys with the same caution as passwords.

Query API Keys

Query API Keys are recommended for read-only querying operations and are designed for embedding in code that runs in potentially insecure environments like web browsers or mobile apps. Query API Keys provide the least amount of risk because they have a limited scope and do not modify account data.

Index API Keys

Index API Keys offer a practical solution for development and testing phases when you need read and write access. Because they also provide write access, Index API Keys are more powerful than Query API Keys and should be treated like passwords and used with caution in production environments.

OAuth 2.0 Tokens

OAuth 2.0 provides the most secure authentication method for production environments. Capabilities like automated token expiration provide inherent benefits over API Keys.

API Key Prefixes

For ease of identification, the API Key types each have a specific prefix:

  • Personal API Keys begin with zut_
  • Query API Keys begin with zqt_
  • Index API Keys begin with zwt_
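
The prefixes make it possible to check source files for the wrong key type before they ship. The following is an added example, not Vectara's own code: a small scanner that classifies key-shaped strings by prefix and blocks on Personal and Index keys, which the page says to treat like passwords. The token body pattern (16 or more URL-safe characters) and the names `scan_text` and `should_block` are assumptions.

```python
import re

# Prefixes are from the page. The token body (16+ URL-safe characters) is an
# assumption; tune it against real keys from your own account.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])(zut|zqt|zwt)_[A-Za-z0-9_-]{16,}")

# prefix -> (key type, severity), following the page's guidance.
KEY_TYPES = {
    "zut": ("personal", "high"),  # inherits the owning user's permissions
    "zwt": ("index", "high"),     # read and write access
    "zqt": ("query", "low"),      # read-only, intended for client-side code
}

def redact(token):
    """Keep the prefix and last four characters so reports never leak the key."""
    return token[:4] + "..." + token[-4:]

def scan_text(text, path="<input>"):
    """Return one finding per key-shaped string, with its 1-based line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key_type, severity = KEY_TYPES[match.group(1)]
            findings.append({
                "path": path, "line": lineno, "type": key_type,
                "severity": severity, "key": redact(match.group(0)),
            })
    return findings

def should_block(findings):
    """Fail the commit or build if any password-equivalent key is present."""
    return any(f["severity"] == "high" for f in findings)

# Constructed sample input; these are not real keys.
SAMPLE = '''\
const QUERY_KEY = "zqt_CONSTRUCTEDqueryKey000001";
api_key = "zut_CONSTRUCTEDpersonalKey0002"
INDEX_KEY=zwt_CONSTRUCTEDindexKey0000003
note: zut_short is too short to match
'''

if __name__ == "__main__":
    results = scan_text(SAMPLE, "sample.txt")
    for f in results:
        print(f"{f['path']}:{f['line']} {f['severity']:4} {f['type']:8} {f['key']}")
    print("block:", should_block(results))
```

Run it from a pre-commit hook or CI step over client-side bundles and configuration files; a Query key alone is reported but does not block.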