EDC Connector API
Getting Started

Authentication

How to authenticate with the EDC Connector Management API

Authentication

The EDC Connector Management API uses API key authentication to secure access to the management endpoints.

API Key Authentication

All requests to the Management API must include an API key in the request headers.

Header Format

X-Api-Key: your-api-key

Example Request

curl -X GET "https://api.your-connector-instance.prod.truzztbox.eu/v3/assets/my-asset-id" \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: your-api-key"

TypeScript Example

const headers = {
  'Content-Type': 'application/json',
  'X-Api-Key': process.env.EDC_API_KEY || 'your-api-key',
};

const response = await fetch(
  'https://api.your-connector-instance.prod.truzztbox.eu/v3/assets/my-asset-id',
  {
    method: 'GET',
    headers,
  }
);

Security Best Practices

Environment Variables

Never hardcode API keys in your source code. Use environment variables instead:

// .env file
EDC_API_KEY=your-actual-api-key

// Usage in code
const apiKey = process.env.EDC_API_KEY;

Key Rotation

Regularly rotate your API keys to minimize the impact of potential key exposure:

  1. Generate a new API key
  2. Update your applications to use the new key
  3. Revoke the old key once all systems are updated

Least Privilege

Request API keys with only the permissions required for your use case. Different keys may have different access levels:

  • Read-only: Can query assets, contracts, and policies
  • Read-write: Can create, update, and delete resources
  • Admin: Full access to all management operations

Error Responses

401 Unauthorized

If the API key is missing or invalid:

{
  "type": "AuthenticationFailed",
  "message": "The provided API key is invalid or missing"
}

403 Forbidden

If the API key doesn't have permission for the requested operation:

{
  "type": "NotAuthorized",
  "message": "The API key does not have permission to perform this action"
}

Obtaining API Keys

Contact your EDC Connector administrator to obtain an API key. The process typically involves:

  1. Submitting a request with your use case description
  2. Specifying the required permission level
  3. Receiving the API key through a secure channel

Never share your API key or commit it to version control. Treat it like a password.

Next Steps

Configuration

API Reference

Getting Started

Quick start guide for the sovity EDC API Wrapper

Configuration

Configure your environment for the sovity EDC API Wrapper

On this page

AuthenticationAPI Key AuthenticationHeader FormatExample RequestTypeScript ExampleSecurity Best PracticesEnvironment VariablesKey RotationLeast PrivilegeError Responses401 Unauthorized403 ForbiddenObtaining API KeysNext Steps