Introducing User API keys

BrandMeister is proud to introduce Users API keys !

What are users API keys for ?

A BrandMeister user API key allows a third-party applications to interact with its owner’s SelfCare information and functionalites.  For example, a BrandMeister user can provide his API key to a mobile application in order to review and make change to its BrandMeister personal Self-Care and its repeaters.  There is no need to provide the username (callsign) and password to your account.

How does an API key look like ?

An API key is a 128-character string. For example:

MWaztB3EcHWBEW@D$2gb89Y2kvvE4leSr.33Gey74d0IYVSKU58YGMSFmPHD.Q1fECUkIcj7E4leSr.33Getkjshdf987ywe2irligr908SFIdlsfkj08934sasdlveg

Why using an API key ?

Using an API key allows you to keep your SelfCare username and password confidential and to keep granular control over each key you provide to others.

The API key is completely unrelated to your SelfCare password. If you change your SelfCare password, the keys you have generated are still valid.

At anytime you can Revoke a key, and any person or application with this key will no longer be able to access the information and features of your personal SelfCare account.

How to generate and revoke my user API keys ?

To generate an API key, follow these steps:

  • Login to your BrandMeister SelfCare account using a web browser, and authenticate using your callsign and password.

BrandMeister SelfCare Login Page

  • Click on your callsign or avatar at the top of the screen, and select “Profile Settings”

BrandMeister SelfCare CallSign Profile Settings

  • Click on the “API Keys” button in the Security Settings section

BrandMeister SelfCare Security Settings API Keys

  • This is where your existing keys (if any) will be displayed. Click “Add” to create a new key.

BrandMeister SelfCare add API key

  • Provide a name for your API key.
    You can create as many keys as you’d like. It is therefore recommended to generate one key per application you will use, and name the key accordingly. The name has no impact on the key, it is just a label utilized in the SelfCare to help you remember which key is which.

  • The next screen will display the API key. If you are using a mobile app, chances are that you can just take a photo of the key within the app and you are done. Otherwise you may copy/paste the key into the application directly.

This is the only time the key code and barcode will be visible. Once you click “OK” only the key name will be available in your list. There is no need to keep a copy of your key somewhere, considering that you can always revoke and generate a new key.

BE EXTREMELY CAREFUL OF WHOM YOU GIVE YOUR KEY, AND WHERE YOU SAVE YOUR KEY.  THE KEYS ALLOW A COMPLETE AN FULL ACCESS TO ALL THE FEATURES OF YOUR PERSONAL SELFCARE. THIS INCLUDES REPEATER/MASTER SYSOP FUNCTIONS !

  • After clicking “OK” you will be sent back to the list of API keys, with the ability to revoke a key if needed.

 

Why not just providing my SelfCare account credentials ?

Your password is confidential and should never be given to others. Providing a separate key to each third-party allow you better control: if you provided your account password, each time you want to change the password you will have to go back to each third party to update it. With the API keys, you can change your SelfCare account password or revoke a key without affecting all other keys you have already provided.

Is there any existing applications using user API keys ?

There are currently three developers we have worked with to develop the first applications leveraging user API keys:

BrandMeister Tool (Android) (M0PFX)

This application for Android devices allows you to manage your hotspot or repeater directly from your mobile device, without having to go through the web-based SelfCare interface. Once you have registered your user API key, no further password will ever be required. And the application will continue to work and properly authenticate with your SelfCare account even if you change your SelfCare password using the web-based interface.

Pi-Star (MW0MWZ)

Pi-Star is a custom, pre-configured SD Card image for the Raspbperry Pi, built on Raspbian linux. It includes software stacks by G4KLX, MMDVMHost / DStarRepeater and associated tools & programs.

Its built-in dashboard now includes the ability to make changes to user’s BrandMeister configuration, by leveraging the use of APIs.

Documentation

Repeater Reader (DO1JG)

Repeater Reader is a small JAVA program which creates visibility and management options for the selected repeater or hotspot. It will also get support for controlling the repeater through APIs.

The BrandMeister team wishes to thank all application developers for making all of this happen !