All API Methods require you to provide an active API Token.
Token Generation / Deactivation
Each site can have up to five active tokens. If a token is no longer in use or if it has been compromised, you can deactivate the token.
For each token, you may optionally add a "note" which is a short description to remind your team how a token is being used.
Tokens are currently a 41 character string, but the length for new tokens could be shorter or longer at any time.
Token generation and deactivation are managed via the Control Panel of your KPA EHS website. To access the API Management Pages, your account must be under a role with the "Manage Billing" permission enabled.Manage Tokens
Keep in mind that each token gives read/write access to your account so it is critical that they are not shared publicly. It should be treated like an admin username/password would be treated.
Do not include your token in client-side code. If you wish to access the KPA EHS data via a web/mobile client, then you should make requests to your own server which should verify the method/action. Then the server should make the request to the KPA EHS API and forward the response to the client.
The KPA EHS API rate limits requests at 60 requests per minute per customer.
If the request rate exceeds this limit, an
error will be returned.
If you wish to limit API calls to certain IP addresses, please contact email@example.com and include the IP addresses you wish to whitelist.
Egregious request rates or extended limit violations may be grounds for deactivation of the token or even of API access for the entire site.