PRD

V1 API Token Generation

Here is the updated PRD with the additional detail about token validity:

Product Requirements Document (PRD): API Key Management

Objective

Enable Super Admins and Admins to generate, manage, and track API tokens within Agency Handy to support integrations with external applications securely.

Business Need

Security: Secure API access to external systems via unique tokens.
Usability: Provide a simple interface for managing API keys.
Accountability: Track API token creation with relevant details to ensure transparency.

User Goals

As a Super Admin/Admin, I want to generate API tokens to integrate external applications securely.
As a Super Admin/Admin, I want to view and track all generated API tokens, including metadata like name, version, and creation date.

Functional Requirements

1. API Key Section in Workspace Settings

Add a new option called "API Keys" under the Workspace Settings menu.
Only Super Admins and Admins will have access to this section.

2. Token Creation

Form Fields for New Token Creation:
Token Name: (Required, Max 32 characters).
Input validation for character count and blank field check.
Upon submission:
A new API Token (JWT) will be generated by the backend.
The token will be valid for 100 years (long-term validity).
A success message will display: "New API Token successfully generated."

3. API Token Table View

Display all tokens in a tabular format with the following columns:
Token: The generated JWT token.
Name: User-specified name of the token.
Created Date: The date and time when the token was generated.

4. Token Behavior

Token Validity: Tokens are valid for 100 years unless manually replaced or invalidated.

Token Deletion

Delete Option: Super Admins/Admins can delete tokens.
Confirmation Prompt: "Deleting this token will disconnect all associated connections. Proceed?"
Buttons: Cancel | Confirm
Backend Behavior: Blacklist deleted tokens to invalidate them immediately.
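
The token creation and deletion behaviour described above, as an added sketch that is not part of this PRD or Agency Handy's code: a JWT with a 100-year `exp` can only be invalidated if it carries an identifier that every verification checks against a denylist. The HS256 signing, the `jti` and `ws` claim names, the in-memory `revoked_jti` set and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)        # assumption: server-side HS256 signing key
HUNDRED_YEARS = 100 * 365 * 24 * 3600   # validity period stated in the PRD
revoked_jti = set()                     # assumption: stands in for a persistent denylist

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue_token(workspace_id: str, name: str, now=None) -> str:
    """Create a token; the random jti claim is what deletion later refers to."""
    if not name.strip() or len(name) > 32:
        raise ValueError("Token Name is required, max 32 characters")
    now = int(time.time()) if now is None else now
    claims = {"jti": secrets.token_hex(16), "ws": workspace_id, "name": name,
              "iat": now, "exp": now + HUNDRED_YEARS}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify_token(token: str, now=None) -> dict:
    """Return the claims, or raise ValueError if forged, expired or deleted."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    # HS256 is fixed here; the header's "alg" field is never consulted.
    if len(parts) != 3 or not hmac.compare_digest(
            parts[2].encode(), _sign(parts[0] + "." + parts[1]).encode()):
        raise ValueError("bad signature")
    body = parts[1]
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if now >= claims["exp"]:
        raise ValueError("expired")
    # With a 100-year exp this lookup is the only thing that ends a token's life,
    # so it runs on every request and entries must be kept until exp passes.
    if claims["jti"] in revoked_jti:
        raise ValueError("token deleted")
    return claims

def delete_token(token: str) -> None:
    """Backend side of the Delete button: denylist the token's jti."""
    revoked_jti.add(verify_token(token)["jti"])
```
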
Additional info
About API key
The AgencyHandy API makes it easy for programmers to integrate many of AgencyHandy's features into other applications. Interested in learning more?

Non-Functional Requirements

Security:
Tokens will be JWT-based and include appropriate expiration claims (valid for 100 years).
Performance: API key generation must be fast and seamless.
Scalability: Support multiple workspaces, each with its unique API tokens.

Acceptance Criteria

Workspace API Key Management:
Super Admins/Admins can access the "API Keys" option in Workspace Settings.
Token Creation:
Users can successfully create API tokens with a name.
The generated token (JWT) is displayed and securely stored.
Token validity is set to 100 years.
Token Tracking:
Tokens are displayed in a table with name, token, and creation date.
Tokens are non-editable.

Future Scope

Token Expiry: Add expiration options for generated tokens other than the default 100 years.
Revoke Option: Allow manual revocation of tokens without generating a new one.
Permissions: Enable finer-grained API permissions for specific integrations.
Audit Logs: Maintain a history of token creation and access activity.

Dependencies

Backend support for JWT token generation, invalidation, and secure storage.
UI/UX updates for the API Key section under Workspace Settings.
This PRD ensures a secure, scalable, and user-friendly API token management system that supports long-term integrations.
