EUlabel
Authentication

API Keys

Create, rotate, and revoke API keys for the EUlabel API.

API keys provide programmatic access to the EUlabel API. Each key is scoped to an organization and can be restricted to specific permissions.

Creating an API key

Create keys through the Dashboard or via the API (requires an active session):

curl -X POST https://api.eulabel.eu/v1/auth/api-keys \
  -H "Cookie: eulabel_session=..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI Pipeline Key",
    "scopes": ["products:read", "products:write", "passports:write"]
  }'

The API key is returned in the response and displayed only once. Store it securely.

Listing API keys

curl https://api.eulabel.eu/v1/auth/api-keys \
  -H "Cookie: eulabel_session=..."

Returns all active keys for your organization (keys are masked -- only the prefix is visible).

Revoking an API key

curl -X DELETE https://api.eulabel.eu/v1/auth/api-keys/KEY_ID \
  -H "Cookie: eulabel_session=..."

Revocation takes effect within seconds. Revoked keys cannot be restored.

Key rotation

To rotate a key with zero downtime:

  1. Create a new API key with the same scopes
  2. Update your application to use the new key
  3. Verify the new key works correctly
  4. Revoke the old key

The platform supports multiple active keys simultaneously, so there is no gap in access during rotation.

Best practices

  • Use descriptive names for keys (e.g., "Production PIM Sync", "CI Pipeline")
  • Assign the minimum required scopes
  • Rotate keys periodically
  • Monitor key usage in the Dashboard for unusual patterns

Authentication

How to authenticate with the EUlabel API using API keys or session-based authentication.

Roles and Permissions

Role-based access control (RBAC) in EUlabel for different user types.

On this page

Creating an API keyListing API keysRevoking an API keyKey rotationBest practices