The HTTP authorization request header requires API keys to authenticate a user to access Kissflow's protected resources. You can follow these instructions to create an Access Key ID and Secret Access Key in your Kissflow account.
Note:
- Access Key ID and Secret Access Key are generated at the individual user level, not for the entire account.
- Users can create multiple access keys within a single account.
- To ensure security, users should delete unused access keys.
- Access keys are sensitive information that authenticate your identity and should be kept private to prevent misuse.
Security alert
Make API calls from the web application server as a best practice. Avoid direct browser calls using JavaScript to prevent exposing API keys. HTTPS/TLS/SSL should be used with basic authentication, as the base64 encoding is reversible and is not secure.