In This Space

You can use the API tokenization feature in the Armor Management Portal (AMP) to create an API key. This key will help you log into the Armor API system. 

After you create a key, you can use a GET request to log into the Armor API system. 

Before You Begin

If you access the Armor API system through an AMP-generated API Key, then you will not be able to access the following endpoints:

  • Route("users/{id}/keys"), HttpGet]
  • [Route("users/{id}/keys/{key}"), HttpDelete]
  • [Route("users/{id}/keys"), HttpPost]
  • [Route("users/{id:int}/ActivationCode"), HttpGet]
  • [Route("users/resetpassword"), HttpPost]
  • [Route("users/setpassword"), HttpPost] - 
  • [HttpPut, Route("users/{id:int}")]
  • [Route("users/status"), HttpPost]
  • [Route("users/"), HttpPost]
  • [Route("users/{userId:int}/invite"), HttpPost]
  • [Route("users/LockedOut/{accountId}/{email}"), HttpGet]
  • [Route("users/unlock/{accountId}/{email}"), HttpPost]
  • [Route("users/softDelete"), HttpDelete]
  • [Route("usersecurity/challengephrase"), HttpPut]
  • [Route("usersecurity/securityinformation/{referencekey}"), HttpGet]
  • [Route("usersecurity/securityinformation/{referencekey}"), HttpPost]
  • [Route("usersecurity/securityinformation/existing/{referencekey}"), HttpPost]
  • [Route("usersecurity/challengephrase/{userId}"), HttpGet]
  • [Route("usersecurity/validatemfaphone"), HttpPost]
  • [Route("usersecurity/securityinformation/{accountId}/{userId}"), HttpPost]
  • [Route("usersecurity/validatephoneapppin"), HttpPost]

Step 1: Create an API Key

When you create an API Key, you will generate a Secret Key. This key does not expire; you must securely store this key because Armor cannot retrieve this key for you. 

If you lose the Secret Key, then you must delete the corresponding API Key in AMP. Afterwards, you must create a new API Key.

Armor cannot retrieve your Secret Key.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Users
  3. Click API Keys
  4. Click the plus icon. 
  5. Enter a descriptive name, and then click Create Key
  6. Copy the Key ID and Secret Key
  7. Click Close
  8. The API Keys table will display a new entry.

Step 2: Authenticate into the Armor API system

At a high-level, to authenticate into the Armor API system with your API token, you must create a header with the following information: 

  • ARMOR-PSK {Private Key ID}:{HMACSHA512 Signature}:{Nonce}:{Timestamp}

Review a sample authentication header: 

ARMOR-PSK 20a37099-4a0b-432f-bf46-5fa690a0405c:8wliK5PMXBrMNQX0DmXkkpC2YD5j+QtPH2xVRZM7jaaS0hC6jhRmtxy+nKJidDnYTpFc6blsO7+4VfKqslbqzA==:8jbj872s2h:1528140529
Authentication ComponentDescriptionExample
Authorization TypeUse ARMOR-PSK.ARMOR-PSK
Private Key ID

Use the Key ID generated in AMP.

HMAC signature

Specifically, create a SHA512 signature that includes the following parameters:

  • private key ID
  • httpMethod
  • requestPath
  • nonce
  • timestamp
  • requestbody

Enter a unique ID.

  • This ID cannot be longer than 128 characters.
  • This ID cannot contain a colon ( : ). 
TimestampEnter a Unix time stamp within 5 minutes of current time.1528140529

Step 3: Make An API Call

To learn about the different calls that you can make, see Armor API Guide.


If you cannot create or access the API Keys screen, consider that:

  • You may not have permissions to use this feature.
    • You must have the following permissions enabled: 
      • API Keys All Read 
      • API Keys All Delete 
      • API Keys Self Manage 
    • To learn how to update your permissions, see Roles and Permissions.

Was this helpful?
Your Rating:
1 Star2 Star3 Star4 Star5 Star
0 rates

  • No labels

This page has no comments.