Authentication options

When building solutions as a developer, you currently have two options depending on your needs and type of solution. The below sections introduces these options and what to think about when using them.

API Keys

An API key is a programmatic unique token that represents a user in your tenant. This token, or API key as the feature is called in the platform, is essentially a password and anyone with a valid API key may use it to interact with the platform.

API keys are best suited for use cases outside of browsers. These use cases can for example be to use the Qlik command-line tool, or to do requests through a script or backend solution where the key is never exposed to the end-user of the solution.

Note: Since API keys are essentially passwords, keep them safe and don't share API keys with others.

API keys are used through the Authorization HTTP header, and has the format of a JWT token. An example request using curl:

  -H "Authorization: Bearer [YOUR_API_KEY]"
  -X GET

Generate your first API key

To use the API keys feature, your user needs to have the Developer role in your tenant. A tenant administrator can assign these roles to any known user in the system.

Once you have the Developer role assigned to your user, you can start creating API keys through your Hub user profile settings page:

  • Click your profile in the top right corner and select Settings
  • Select API keys
  • Click Generate new API keys
  • Enter an API key description and select when the API key should expire
  • Click Generate
  • An API key is generated
  • Copy the API key and store it in a safe place

Web integrations

Web integrations is a feature for handling Cross-Origin Resource Sharing (CORS) requests in Qlik Sense SaaS. By default, no CORS communication is allowed to your tenant unless an web integration has been configured to allow it. In essence, web integrations control what third-party domains may interact with your tenant APIs. For example, you are creating a web application and that you want to embed or fetch content from your tenant, then a web integration with a list of allowed (whitelisted) domains (also known as origins) needs to be created in the management console.

Make sure your tenant administrator has created a web integration with your intended domains for your web application.

Qlik Help has step-by-step instructions for tenant administrators.

For more in-depth information how to leverage web integrations in your solutions, see the Build web solutions page.