API Keys are only needed by software developers. If you are looking for an Application Password, you can get one in the Settings > App Passwords page any time.
You do not need an API key unless you write software which integrates with Club Log.
Please stop here if you are not software developer.
What are API keys?
API keys are needed to communicate with Club Log via its various APIs.
API keys were added in response to problems with high volumes of requests for callsign to DXCC lookups which originated in an experimental logging program. The various interfaces to Club Log are now protected to help prevent situations where external applications can interfere with the operation of the web site, and to improve visibility of who is using the API and for what purpose. They also let us run different versions of the API for different programs and maintain backwards compatibility.
"Access to this form requires a valid API key"
You will see this message if you access Club Log APIs but do not provide an API key. An API key is specific to your application and looks roughly like this: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33.
How to get an API key
To obtain a key please email the helpdesk with a brief overview of your use. There is a list of products which use the Club Log API on which you can choose to be included, if you indicate your preference when you request the key.
Keeping the API key private
API keys are not meant to be secret as such, mainly because we want them to be very easy to use for programmers of all levels. However, if an API key is passed around it stops us from being able to provide version controlled APIs for different products, and potentially means all of the products using a key will be blocked completely. This will happen, for example, if an API key is published on the web or in a Git repository. Look after your keys - thanks!
Using your API key
Once you have your key, you need to send it with your requests to Club Log. The API key should be sent as a form variable, normally as part of the POST or GET request. There are further notes on this on the Help page. There are also working test forms on that page to help you verify that your API key is working ok.
Club Log has quite a number of different API interfaces you will be able to use when you have an API key. Start here: https://clublog.freshdesk.com/support/solutions/folders/100474
Security
If requests to an endpoint that need an API key repeatedly fail, the originating IP address will be automatically firewalled. Please ensure, therefore, that all requests using API keys have been tested and handle bad user inputs.