When you make REST API calls, your access permissions for APIs will mirror your access permissions to objects and features in the Treasure Data Console. For more information about how API endpoints or baseURLs map to the TD Console, see Treasure Data API baseURLs.
REST API access is controlled through API keys. Almost every REST API call needs to be issued with a valid API key for authentication and resource authorization purposes.
Master API key
Can be used to perform every operation allowed by the user’s access level.
Keep your Master key secure—Master keys provide both read and write access, so anyone who obtains it could access, corrupt, or delete your data. Never share or expose a Master key.
Write-only API key
Using a write-only key adds a security layer when you expose REST API access to third parties or embed credentials in ingestion libraries (for example, web page integrations). It allows data ingestion only into databases where the user retains write permissions.
By default, every new user is created with one Master and one Write-only API key. Any user can generate any number of the two types of API keys. Any of the API Keys can be revoked at any time by the user themselves or any user having Manage User permissions.