Access Management with the algoseek Console

This tutorial provides a guide to obtaining and managing API keys for the algoseek Datasets API. It also provides information on setting up IP Subnets that define trusted networks allowed to use RESTful API services.

Getting Started: The algoseek Console#

The algoseek console is the centralized hub for managing your account identity, team organization, data subscriptions, and API access.

Creating an API Credential#

Steps to generate a key in the console:

1. Navigate to Profile Settings, then the Team Authorization tab.

2. Click + Generate New API Key.

3. Assign a Key Name to the API key, for example, "Backtesting-Alpha-Bot", to track ownership and intent.
4. Specify the Expiration Period.
5. Click Generate. The new API Key will be displayed and you have the option to display it, and also to copy the key. Additionally, the new API key will be added to the API Keys list.

Checking and Modifying Key States#

The algoseek console provides a full listing of all API keys associated with your account.

• List Keys: In the Team Authorization, you can see all keys, their names, expiration dates, status, and the options to copy or delete a key.
• As noted above, once a key is created and listed, you won't be able to preview the actual API key. Use the Copy option to use the key, or paste it to your application, accordingly.
• Use the Delete option to remove the API key from the list and deactivate it permanently.

Managing IP Address Restrictions#

For institutional security, algoseek enforces IP whitelisting for all API requests. If a request is made from an unauthorized IP, the API will return a 403 Forbidden: IP address not allowed error.

• Add IP/Subnets: In the Team Authorization tab, you can manage a list of allowed IP addresses or CIDR subnet under the IP Subnets list. Click + Create New IP Subnet to define trusted networks allowed to use RESTful API services.

• Scope: IP restrictions are applied at the account identity level, meaning any API key generated for that account must originate from the whitelisted range.
• Best Practice: Only whitelist the specific static IPs of your production servers. For local development, ensure your office or VPN IP is added before testing.

Reset, Renew, and Rotating API Credentials#

To maintain a high security posture, algoseek recommends regular Key Rotation.

Key Rotation#

The console supports maintaining multiple active keys simultaneously. To rotate a key without downtime:

1. Generate a Secondary API Key.
2. Update your application to use the new key.
3. Once the new key is confirmed to be working, Revoke the old key in the console.

Key Expiration#

Every key is issued with an expires_at timestamp. You can view these expiration dates in the console API Keys list to ensure your automated systems are updated before a key becomes invalid.

API Credential Security Tips#

• Key Ownership: Assign keys to specific individuals or teams within the console to track which internal group is responsible for a key's usage and security.
• Expiration Reminders: Check the console regularly for upcoming expirations.
• Confidentiality: Never hardcode API keys in public repositories. Use environment variables and secret management tools to store your keys.
• Revocation: If an invalid_api_key error occurs, first verify the key's status in the console to ensure it wasn't disabled due to a security audit or expired status.