Stream: community

Topic: Question about external tools and API keys

view this post on Zulip oussama Zoubia (UKK) (Sep 26 2025 at 12:22):

Dear all,

I hope you’re doing well.

I’m developing an external tool that users will access from Dataverse’s main page. The tool needs to act on behalf of the logged-in user and therefore requires the user’s Dataverse API key. From what I found so far, Dataverse’s External Tools integration only targets files and datasets, and there doesn’t appear to be a way — even with an admin account — to retrieve users’ API keys via the API.

One alternative I considered is using Keycloak (SSO) and bearer tokens flag, but my understanding is that that approach is currently experimental (temporary) and not recommended for production.

Am I missing an existing documented method, or are there better recommended approaches for this use case? Any suggestions.

Thank you in advance for your help.

Best regards,
Oussama

view this post on Zulip Philip Durbin 🚀 (Sep 26 2025 at 12:40):

I guess a workaround would be to ask the user to enter their API token manually, right?

That's how a lot of integrations work, like OSF or RSpace.

view this post on Zulip oussama Zoubia (UKK) (Sep 26 2025 at 12:53):

I mean that's a possibility yes, but I was thinking more of an automatic way to do it, without prompting the users.

view this post on Zulip Philip Durbin 🚀 (Sep 26 2025 at 13:19):

Are you ok with this functionality being put in the new React frontend rather than the old JSF frontend? We're trying to touch JSF as little as possible as we migrate.

view this post on Zulip oussama Zoubia (UKK) (Oct 02 2025 at 13:38):

Philip Durbin 🚀 said:

Are you ok with this functionality being put in the new React frontend rather than the old JSF frontend? We're trying to touch JSF as little as possible as we migrate.

Yes sure, that would actually be better. :)

view this post on Zulip Philip Durbin 🚀 (Oct 02 2025 at 13:39):

Ok, please feel free to create an issue at https://github.com/IQSS/dataverse-frontend/issues

view this post on Zulip Germán Saracca (Oct 02 2025 at 13:57):

Hi @oussama maybe this helps, assuming by API key you mean API token in the new react frontend we use this endpoint to get the API token of a logged in user ->/api/v1/users/token and it returns something like:

{
    "status": "OK",
    "data": {
        "message": "Token [token-goes-here] expires on 2026-07-17 11:58:02.469"
    }
}

We use bearer tokens to call the API as an authenticated user.

Last updated: Nov 01 2025 at 14:11 UTC