Generate and Manage API Key Sets

Demandbase One supports API Key Sets, a secure and flexible way to manage authentication for your integrations. Unlike the previous model, which allowed only a single, user-specific API token, key sets enable you to generate and manage multiple tokens at the platform level. This approach improves integration stability, simplifies access control, and aligns with modern security standards.

API Key Sets are used to authenticate requests to Demandbase’s public APIs. You can see the full API documentation at developer.demandbase.com.

Benefits of Using API Key Sets

Platform-Level Token Management

API keys are now issued at the platform level, not tied to individual users. This means integrations remain stable even as user roles change or accounts are deactivated. It also eliminates the risk of a single user-specific token creating access issues across systems.

Token Expiration and Manual Deactivation

Each credential set within a key set is automatically assigned an eight hour expiration period, encouraging regular rotation and minimizing the risk of long-term token exposure. You can also manually delete or expire tokens (or whole key sets) at any time, giving you full control over API access points.

Improved Security and Compliance

All tokens are encrypted in the Demandbase database to protect against unauthorized access. This enhancement supports best practices for data protection and aligns with enterprise-grade security requirements, helping ensure your integration credentials remain secure.

Generate API Key Sets

You can create up to 5 API Key Sets, regardless of whether they are active or inactive. Within each key set, you can create multiple tokens, but only 5 tokens can be active at a time.

1. From the navigate bar, go to Settings > APIs > API Key Sets.
2. Click Create New.
   
3. Enter an API Key Set Name.
4. Click Save.
5. On the API Permissions step, choose which APIs (Admin, B2B, Data Export, Data Import) this key set can access.
   Important: To see B2B API and Export API as selectable options, reach out to your CSM to enable these APIs.
6. Click Next.
7. Click Create Token to create a new API token.
   
8. The API Token generates two keys, Client ID and Client Secret. Copy and store them in a secure location. These are required to generate a JWT access token.
   Important: The Client Secret is not shown again once you close the window.
   
9. Click OK.

Use Generated API Tokens

To authenticate your API requests, you must generate a JWT access token using the Client ID and Client Secret key.

1. In the Generate JWT Access Token endpoint, pass the copied keys as parameters (clientId and clientSecret).
   Important: The resulting access token is valid for 8 hours.

2. Include the generated token in the header of your API requests as follows:

   Authorization: Bearer YOUR_JWT_TOKEN

   This access token authenticates requests to supported Demandbase APIs. See API documentation.

Manage API Key Sets and Tokens

You can delete or edit API Key Sets. You can also activate, deactivate, or delete individual API Tokens within each key set.

To manage API Key Sets:

1. From the navigate bar, go to Settings > APIs > API Key Sets.
2. Hover over a key set and click the settings icon.
3. Select one of the following options:
   
   • View Details: View and manage the API tokens within the key set.
   • Delete: Delete the key set.
     Note: All tokens within the key set must be deactivated before it can be deleted.
     

To manage API Tokens:

1. From the navigate bar, go to Settings > APIs > API Key Sets.
2. Hover over a key set and click the settings icon.
3. Click View Details.
4. Hover over a token and click the settings icon.
5. Select one of the following options:
   
   • Deactivate: Deactivate an active token.
   • Activate: Activate a deactivated token (up to 5 tokens can be active at a time).
   • Delete: Delete the token from the key set.