In this article
DNSFilter users have self-service access the API JSON Web Tokens (JWT)—also called keys or tokens—through the DNSFilter dashboard.
These API keys create a tight integration between DNSFilter and your product or apps you're using, sharing data via the JWT.
See the developer API documentation for more details.
API Rate Limiting
On 4 February 2025 we introduced rate limiting on API requests. See our Rate Limiting article for details.
What to know about API Keys
Our team built in a few guardrails to understand before utilizing these keys.
| API keys are associated with the user, not an Organization | A user's API keys will only show up in their account, even if they are a member of multiple Organizations. |
| Limit 5 API keys per user |
Only keys in active status count toward this total. Users will receive an error message from the dashboard when they try to create more than 5 tokens. Users can revoke or delete unused keys to add new keys. |
| Only a user can revoke/delete their keys | Organization owners and admins cannot revoke or delete a user's key. |
| The API key takes on the same permissions as the user | The key is associated to the user and provides the same level of access granted to that user in the system. This is true for MSP Organization users and sub-org users as well. |
| We recommend account owners do not create API keys | DNSFilter encourages principle of least privilege practices when using API keys: if an API key becomes compromised this minimum layer of protection can prevent serious damage to the account. |
| There is not an expiration warning or reminder |
The API key dashboard displays the expiration date. We recommend using automation practices to prevent any lapse in API integration. If a key is expired, the integration will return an error code stating the user is not authorized until the API key is updated. |
Generate a DNSFilter API Key
Follow these steps to generate an API key.
- Login to the DNSFilter dashboard and navigate to your account icon
- Select Account Settings
- Tab to Security
- Scroll to API Keys
- Select + Create Key
- Enter a key Name. This name is not editable after the key is created
- Select an Expiration from the drop down menu
- Select Generate Key
- Copy the API key. This is the only time the key is available, and the Save option will not function until the key is copied
- Select Save to return to the API key dashboard
The API key is now visible in the dashboard. Use the API key in your application or service by following its standard configuration process.
Navigate the API Key dashboard
A key dashboard populates in the account once at least one key is created. These fields are available in the dashboard:
Status. The API key status is either active, revoked, or expired. Deleted keys are removed from the dashboard.
API Key. This column displays the key name and redacted token ID .
Key Dates. The expiration date/time and creation date/time.
Actions. Select the more icon to revoke or delete a key.
Revoke or Delete a DNSFilter API Key
Revoke or delete a token when it's no longer needed. To ensure uninterrupted configurations, replace API keys before completing these steps.
- Navigate to the API key dashboard in your account
- From the Actions menu, select Revoke or Delete for the unneeded key
- Confirm the action in the prompt
The token will no longer be available for use once confirmed. A revoked key's Status will update to revoked, and deleted keys disappear from the dashboard. Any current applications using the key will return an error message and require a new token to configure with DNSFilter.
Comments
2 comments
Hello - There is a bad link on this page…I think it has an extra space character causing a bad redirect.
See the developer API documentation for more details.
Thanks, Mike S —copy and paste got the best of me there! All fixed, and thanks for helping make our docs better 💖
Please sign in to leave a comment.