Skip to content

Invapi account access API Keys management

In this article


The API key as a convenient means of authenticating for seamless access to API requests to Invapi.

An API key is a convenient way to authorize API requests to Invapi and access a specific server's Control Panel independently from your control center and personal account.

Obtaining an API Key for the entire Invapi account

  1. Navigate to Invapi and click on Username >> API access keys.

  2. Click the Add new API-key button to create an API key.

    • To identify the key in the Name field, enter its name;
    • In the Restrict a new API key only for the server drop-down list, select whether the key will apply to the entire account (Any) or to a specific server;
    • Specify the IP addresses from which access will be allowed using this key in the IP ACL field, or leave it blank for unrestricted access.
    • Choose a method of notification for access to the account using this API key from the Set login notification method drop-down list. Options include:
      • None (no notification);
      • E-mail
      • Webhook - send login information via HTTP-call to your website.
    • If you select E-mail or Webhook, enter the corresponding e-mail or URL in the Notification address (email/URL) field.
    • To activate the key, check the Active checkbox;
    • To add a new API key, click the button labeled Add new API key.

    The API key will be displayed to you.


Be sure to copy and save the API key value as it will only be displayed once. Invapi stores only the hash value of the key, so if the original key is lost, it will need to be recreated.

Managing API Keys for the entire Invapi account

To edit or delete an API key, navigate to either your account where it was generated and click on the desired key. In the window that appears, go to the General Info tab where you can:

  • change the key's name in the Name field;
  • set IP addresses from which calls using the key will be prohibited in the IP ACL field;
  • change or set the method of notification for logging in with this API key. This applies only to keys issued for the entire account and involves the notification address (email/URL) field;
  • enable or temporarily disable this feature using the Active checkbox.

Next, click the Save API key button to save your changes.

To delete an API key, click the Delete API key button.


The API key cannot be restored once it has been deleted.

Using the API Key for the entire Invapi account

The API key can be used to obtain a session token required for subsequent API requests to an account in Invapi, authorization is necessary. Authorization can be obtained via an API key for access to either the entire account or a specific server through the auth/login call, depending on the API key used. If authorization is successful and the key is found in the database, the system will return the session token $HOSTKEY_TOKEN.

API Key Usage Information for the entire Invapi account

In the Usage history tab, select a specific key for an account and click on it to view all logins made with this API key during a certain period. The output will include the email and IP address used for the login, its success status, as well as the date and time of the event.

Obtaining an API Key for the entire Invapi account without a web control panel

An API key can be obtained without using the web control panel by utilizing the API methods for working with API keys. These methods can be executed from the command line or embedded into web solutions.