Skip to main content
All CollectionsControl Center
Security: Network API Keys, API Whitelists & MFA
Security: Network API Keys, API Whitelists & MFA

Learn how to manage multi-factor authentication, manage API keys for employee users, and how to manage API Whitelists for fraud mitigation.

Genny avatar
Written by Genny
Updated over 11 months ago

Updated - Hotfix 3.3.0 (May 2023): Two tabs added to Control Center - Security

  • Logins tab allows you to see a history of logins from Network Users [Click Here]

  • Multi-Factor Authentication tab allows you to control the MFA settings for the Network and view the MFA settings for each Network User [Click Here]


Intro

In order to gain access to this section of the platform, you must have "Security" added to your approved permissions for your Role. (An admin can approve permissions for Roles.)

For more information about Roles and adding Permissions - [Click Here]


Table of Contents


Overview

This section of the platform is dedicated to securely managing Network API keys, and their associated permissions.

  • Navigate to Control Center - Security. You will land on the API Keys tab, where you'll see the list of API keys associated with your internal team.

    Each existing API Key will automatically be named similar to: Legacy API Key (Employee Name), and the number of (or all) associated permissions will be displayed.


Creating A New Network API Key

  • Click the [+ API Key] button.

  • Give the API Key a name, associate an employee, and select which permissions the employee can access via API.

  • Upon clicking Create API Key, you will be shown the API Key one time, so be sure to copy it now.

    **For security purposes, API keys are now stored in a hashed format, which means they are never accessible again after this initial display. (API keys also cannot be accessed by Everflow staff.)


Revoking A Network API Key

  • Click the vertical dots on the end of any row, and select Revoke.

    Please Note: Once an API Key is revoked, it cannot ever be re-enabled.

  • You can filter the display of API Keys to show those that have been revoked:


API Whitelists

A common strategy for mitigating fraudulent or other unwelcome activity on your offers is by limiting the API addresses you'll accept calls from. API Whitelists allow you to block API calls from unknown IP addresses, and only allow calls from those IPs that you specify.

  • To add or edit an API Whitelist, navigate to Control Center - Security, then click on the API Whitelist tab. Click Edit.

If you do not have any entries in your API Whitelist, then API calls from all IP addresses are accepted.

If you have one or more entries, then only calls from those IP addresses are accepted.


Logins

  • The Logins tab allows you to see a history of logins from Network Users. To locate it, navigate to Control Center - Security, then click on the Logins tab.

  • You can narrow down the view by using the filter, or by using the date selector to specify the history during a specific date range.

  • Click the vertical dots next to the filter button to customize the columns in your view, including IP address, user agent, and more.


Multi-Factor Authentication

  • The Multi-Factor Authentication tab allows you to control the MFA settings for the Network. To locate it, navigate to Control Center - Security, then click on the Multi-Factor Authentication tab.

  • On the General card, click Edit to modify the Network setting.

  • Available options are:

    • Google Authenticator App

    • SMS

    • Both

  • Once configured, each Network User will need to log in according to the selection made during their next login.

  • The list of Network Users and their completion status is listed under MFA Employee Settings.

    **Please note: The users with information filled in each column are those that have configured their settings since SMS was introduced as an option, while the others have not logged in since before the hotfix was released.


Did this answer your question?