Getting an API Key
To access the GraphQL API, users must obtain an API key from their Dema account settings. Follow these steps:
- Navigate to Settings in the Dema Application.
- Locate the API Keys section.
- Generate an API key and configure its expiration and scopes/access level.
- Copy the generated API key for use in your requests. (Note: The API key is only visible once when it is generated. If you lose it, you will need to generate a new one.)
Using Your API Key
Authentication is required for all requests and must be passed via the Authorization header:
Authorization: Bearer API_KEY
Example Request
Here’s how to include the key in a cURL request:
curl -X POST https://api.dema.ai/graphql \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{
"query": "query OrganizationInfoQuery { account { id name } }"
}'
Keep your API keys secure and never expose them in client-side code or public
repositories. Treat API keys like passwords—rotate them regularly and revoke
any keys that may have been compromised.
Best Practices
- Setting expiration: When the API usage is limited to a specific time frame, it’s a good idea to set an expiration date, to avoid forever lasting API keys.
- Scopes: Set appropriate access levels/scopes for each key, and avoid granting more access than necessary.
- Revocation: Immediately revoke any tokens that may have been exposed or compromised, this can be done in the API key settings by either deactivating the key or deleting it.
API key policies
- Any updates to API key configuration like status changes (active/inactive), last usage, expiration, or scope changes are reflected in real usage after a few minutes.
- API keys are automatically removed if they are inactive and there hasn’t been any activity on them in the last 60 days.
- API keys are removed 7 days after they expire.
