With the introduction of our SubUser API Keys it is now possible to use data from the CIS Automotive API in an application as simple as a single HTML document with no backend required. We wanted to make it easy to use our data in applications that don't follow the traditional client server architecture.
Previously this type of application would have required some backend infrastructure to query our API, manage sessions, and manage/ cache requests. With the SubUser API Keys this burden is offloaded from your backend onto our infrastructure which simplifies application development and improves time to market.
When you create a SubUser API Key you specify the domain allowed to make the requests and the endpoints the SubUser Key is allowed to access. Users with a paid plan can specify any domain they'd like, but users on a free or basic plan may only make keys for 'localhost'.
In addition to the domain you will also need to pick the endpoints the SubUser Key will be able to access. You should only pick endpoints you intend to use in your application to help reduce the potential for misuse. By default the "endPoints" argument is ["*"] which means all endpoints. At time of writing there is a visual bug in the openAPI documentation renderer that causes the "endPoints" argument for the /makeSubUserKey endpoint to render as ["string"]. This is a visual bug only and is interpreted by our API as ["*"] meaning all endpoints. You can also see the default value by clicking on the schema next to it.
When you create a SubUser key the "token" value returned is used to access the endpoints you specified as the "jwt" value in the request. This "token" is valid until revoked and can only be used for requests to the specified endpoints from the specified domain. If you ever need to retrieve the value of a SubUser API Key you can make a request to the /getSubUserKeys endpoint to see all SubUser Keys you've created and their associated metadata. You can revoke a SubUser Key with a call to the /revokeSubUserKey endpoint with the key's specified UUID.