Clients
Manage API clients — machine-to-machine credentials that authenticate calls to the BEEM API.
Clients are the API credentials that allow your applications to call BEEM programmatically. Each client has its own public key (for request signing), its own network whitelist, and its own set of roles.
A client behaves exactly like a user, only it acts on behalf of your application rather than a person. Whatever roles you assign to a client determine which API endpoints that client's credentials can call — without the relevant role, the endpoint returns 403 Forbidden. See the Roles reference for the full list of roles you can assign.
Clients list
The Clients list shows every API client provisioned on your account.
| Column | Description |
|---|---|
| Client Id | The account-level identifier this client belongs to. |
| Id | The unique identifier for the client itself. |
| Name | The display name you assigned when creating the client. |
| Actions | View the client detail panel, edit the client, or rotate its credentials. |
Creating a client
Click Create a client in the top right. Fill in the following fields and click Add:
| Field | Description |
|---|---|
| Name | A human-readable label for this client (e.g. SISU Prod Account Client). |
| Network whitelist | One or more IP addresses or CIDR ranges from which this client is allowed to make API calls. Defaults to 0.0.0.0/0 (all networks). |
| Public key | The PEM-formatted public key for this client, beginning with -----BEGIN PUBLIC KEY-----. BEEM uses this to verify request signatures. |
| Assign roles to user | One or more roles that determine which API endpoints this client can call. See the Roles reference. |
| Enabled | Toggle on to allow the client to access your account immediately. Toggle off to provision but suspend. |
Generating a key pairYou provide the public key here and keep the matching private key secure on your side. BEEM never sees or stores your private key.
Client detail
Selecting a client opens the detail panel.
| Field | Description |
|---|---|
| ID | Unique client identifier. |
| Account Id | The account this client belongs to. |
| Client Id | The account-level identifier. |
| Enabled | true or false — whether the client can authenticate against the API. |
| Name | Display name. |
| Public Key | Preview of the registered public key. |
| Role Count | How many of the 15 available roles are currently assigned to this client. |
| Network Whitelist | All IP addresses and CIDR ranges allowed for this client. |
| Roles | The full list of layer1:role:* roles assigned. Each role unlocks the matching set of API endpoints. |
Restricting accessFor production clients, narrow the Network whitelist to the specific IPs your application calls from. Leaving the default
0.0.0.0/0allows calls from any network.