CyberGate API Access - in depth

overview the api access menu is where you manage the api secrets used to authenticate calls to the cybergate customer api each api secret has a name, a validity period, and a secret value that acts as a bearer token for api authentication api main functions the cybergate api features the following functions api command type description api version read get cybergate api version tenant information read get information about authenticated tenant call groups read get cybergate call groups defined for authenticated tenant call groups availability status update update a teams user’s availability status in a cybergate call group active call read verifies if the teams user is in an active cybergate call and has a door‑open code configured active call remote door opening update send a door‑open code for a specific user the user must be in an active cybergate device call, and only that device receives the command call log read get new entries from the cybergate call log audit trail read get new entries from the cybergate audit trail prerequisites api access must be enabled for your tenant before you can create api secrets if the customer api is not yet enabled, the page displays a notice with a contact support button clicking this button opens a pre filled support request to enable api access for your tenant viewing api secrets once api access is enabled, the page displays a table of all configured api secrets with the following columns column description name the name of the api secret a warning icon appears if the secret is expired or expiring soon (within 20 days) secret the first few characters of the secret followed by dots the full secret is only shown once at creation time creation time the date and time the api secret was created expiration how many days are left until the secret expires, or how many days ago it expired action a button to delete the api secret expiration warnings a warning icon appears next to the name when the secret will expire within 20 days a warning icon also appears when the secret has already expired expired secrets can no longer be used for api authentication sorting click any column header to sort the table by that column creating an api secret you can have a maximum of 4 api secrets at any time if you have reached this limit, the create button will be disabled with a tooltip explaining the restriction click the create api secret button at the top of the page fill in the required fields field description name a descriptive name for the api secret (max 256 characters) this name is used in audit logs for any actions performed with this secret special characters like \ / \[ ] " ! @ # $ % ^ & ( ) = { } ; are not allowed validity period (days) the number of days the secret will be valid minimum 10 days, maximum 365 days default 90 days click generate to create the api secret after creation, the modal displays the generated secret value along with a copy button copy and store the api secret immediately the full secret value is only shown once and cannot be retrieved later if you lose it, you will need to create a new secret click close to dismiss the dialog the new secret now appears in the table using the api secret once you have created an api secret, you can use it to authenticate requests to the cybergate customer api by including it as a bearer token in the authorization header curl x get https //cybergate cybertwice com/api/v1/resource \\ h "authorization bearer \<your api secret>" for a complete reference of all available api endpoints, click the api documentation link on the api access page this opens the interactive api documentation (swagger ui) where you can explore and test the available endpoints best practices rotate secrets regularly — create a new secret before the old one expires, update your applications, then delete the old secret use descriptive names — since the name appears in audit logs, use names that identify the application or purpose (e g , "monitoring dashboard" or "access control integration") monitor expiration — watch for the warning icons that indicate secrets expiring within 20 days expired secrets stop working immediately limit secret distribution — treat api secrets like passwords store them securely and avoid sharing them through insecure channels