N1ED Blog

New 24-character API keys

01 September 2024

In the latest N1ED update (September 2024) we've made improvements designed to enhance the user experience during the implementation and use of N1ED on websites or in applications.

Previously, 8-character API keys were used, but now we offer a new method with 24-character API keys. Why and how? Let's take a look.

New API key format

Why we are moving away from the old 8-character API keys

The previous approach of using API keys like xxxx1234 had a few issues:

  1. There was a requirement to retrieve an access token to make custom Bootstrap blocks editable. Although this was a straightforward action of specifying a password on the page (do you remember the "Link N1ED with the cloud" password dialog?), it had some drawbacks:

    • Unless you were using CMS plugins for Drupal, Joomla, or Magento that had a process for saving such tokens, the token was stored in cookies. This meant you had to enter the password each time in any new browser (for every new team member on every device).

    • The previous method provided adequate security only if you were using N1ED alone or working solely with colleagues you could trust with your master (account) password. The CMS plugins workaround allowed you to specify the password once, and then others could work with the editor. From now on, you never need to type the password in the editor: use it only when logging into the Dashboard.

  2. Being non-secret and publicly exposed, the 8-character API key didn't restrict read-only access to the configuration (including blocks). This wasn't a major issue, but it could confuse users who believed their preferences could only be accessed through their editor.

With the above in mind, we've redesigned our configuration access scheme.

24-character API key approach

New API keys are 24 characters long: the first 8 characters remain the same as before, serving as the public ID of your configuration. These will be used on your websites' front pages (the `widgets.js` script attaches using them), but eventually, you won't be able to load the editor using these keys alone.

The final 16 characters act as the password for accessing all online services provided by N1ED. Currently, the primary service is managing your library of custom blocks.
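Because the last 16 characters are a secret while the first 8 are meant to appear on public pages, it is worth checking that published front-page files contain only the public ID. The following is an added example, not N1ED's own code: it assumes keys consist of ASCII letters and digits, and the function names and sample files are constructed for illustration.

```javascript
// Added example. Assumption: key characters are ASCII letters and digits.
const KEY_CHAR = "[A-Za-z0-9]";

// Constructed sample files; the markup is illustrative, not N1ED's embed syntax.
const SAMPLE_FILES = {
  "index.html": '<script>var n1edPublicId = "abcd1234";</script>',
  "editor-config.js": 'var editorConfig = {\n  apiKey: "abcd1234Zx9Qw7Er5Ty3Ui1O"\n};',
};

// Split a 24-character key into the 8-character public ID and 16-character secret.
function splitApiKey(key) {
  if (typeof key !== "string" || !new RegExp(`^${KEY_CHAR}{24}$`).test(key)) {
    throw new Error("expected a 24-character API key");
  }
  return { publicId: key.slice(0, 8), secret: key.slice(8) };
}

// Report every place where the public ID is immediately followed by exactly
// 16 more key characters, i.e. where a full key (including the secret) appears.
// The secret is never copied into the findings, only a redacted form.
function findExposedKeys(publicId, files) {
  if (!new RegExp(`^${KEY_CHAR}{8}$`).test(publicId)) {
    throw new Error("expected an 8-character public ID");
  }
  const fullKey = new RegExp(
    `(?<!${KEY_CHAR})${publicId}${KEY_CHAR}{16}(?!${KEY_CHAR})`, "g");
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const m of line.matchAll(fullKey)) {
        findings.push({
          file,
          line: i + 1,
          column: m.index + 1,
          redacted: publicId + "*".repeat(16),
        });
      }
    });
  }
  return findings;
}
```

Run `findExposedKeys` over the files you publish to anonymous visitors; a finding means the full key, not just the public ID, is in a page it should not be in.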

How to migrate

Migration is simple: just specify the new 24-character API key in your new or existing N1ED installation. Drupal, Joomla, and other CMS users can enter the new, longer API key in their CMS control panel, while custom installation users should redefine their apiKey parameter passed to CKEditor, TinyMCE, or the direct N1ED loader script.

You can find the corresponding 24-character API key in your Dashboard; this key always starts with the same first 8 characters as before.

If everything is done correctly, N1ED will continue loading as before on your site, and you will see a green highlight over the label "New 24-character API key is used".

From now on, never expose your account password to any colleagues except those directly involved in managing N1ED installations on your websites, as the password no longer plays any role in linking N1ED installations to configurations - the longer API keys do.

Compatibility and support of shorter keys

For now, all your previously set 8-character API keys will continue working, and any tokens already retrieved will remain active, so you won't notice any difference. However, you will no longer be able to retrieve a new token, as the "Link N1ED with the cloud" dialog will no longer appear, and N1ED will prompt you to specify a longer API key. Follow the simple migration steps described above - there are no expected pitfalls or side effects.

If you're using a CMS implementation (Drupal, Joomla, etc.) with shorter keys, you won't see any changes at all, as the secret access token was initially received and is website-wide. However, we advise you to manually switch to longer API keys for higher security, as we plan to allow 24-character API keys to act as a key to various online services we intend to implement in future updates.

Eventually, everyone who migrates to longer API keys will be disconnected from shorter-key compatibility (and will notice no change).

When you add N1ED to a new website and create a new corresponding API key in the Dashboard, it will support 24-character API keys only.