.. api-best-practices-faq.rst
.. _best-practices-label:
===========================
API: Best Practices and FAQ
===========================
The following best practices are specific to API use; others are in :doc:`Best_Practices_and_Troubleshooting`.
Control Access to your Accounts
===============================
.. include:: includes/api-access-control.rst
Lifecycle Management
====================
API tokens expire precisely one year after generation. Since a user can have only one API token at a time, you must have a plan to roll-over to a new API token before the old one expires. Holders of API tokens are notified before expiry via an automatically generated email sent to the address associated with the token. The email is sent 7 days before expiry and then again the day before expiry.
.. _revoke-api-token:
Revoking and Deleting an Active API Token
-----------------------------------------
:API: The ``GET /auth/machine-token`` request revokes any existing tokens and creates a new machine token. This could therefore cause outages. ``GET`` in this instance is not a safe idempotent operation.
:Console: While logged in to YubiEnterprise Delivery Console as the user with the relevant API token, go to the profile page by clicking on the profile icon on the top right. Click **Revoke and delete active API token**.
API: FAQ
========
**Q. Who should use the API?**
A. Customers of YubiEnterprise Delivery.
**Q. Does Yubico charge for API calls?**
A. No.
**Q. How do I get access to the API?**
A. Get login credentials from the YubiEnterprise Delivery account owner in your organization, and see :ref:`onboarding-label`.
**Q. How should I set up an account to call the API?**
A. After you have been given a YubiEnterprise Delivery account, follow the instructions in :ref:`api-onboarding-pb-label`.
**Q. How do I test the API?**
A. In the API Onboarding Playbook in the current guide, see :ref:`yed-ss-wb` and :ref:`servicenow-label`.
**Q. How do I revoke an API token?**
A. See :ref:`revoke-api-token` above.
**Q. Where do I go if I need help?**
A. Get help now from our support team: to file a support ticket for YubiEnterprise Delivery, click `Support `_, or reach out to your assigned customer success representative.
**Q. Can I get notification of YubiEnterprise Delivery API changes?**
A. Subscribe to the Yubico Developer Program mailing list. Go to ``_. Although this page looks as if it is just for a coupon, it is actually the sign-up page for the mailing list.
**Q. Where do I find official Yubico product images and descriptions?**
A. On Yubico's `Press room images and logos page `_ are the logo and product images.
**Q. What is the maximum number of YubiKeys that can be included in a shipment request?**
A. It depends on the country to which you are shipping. See :ref:`del-pol-label`.
**Q. Can a shipment request be cancelled?**
A. .. include:: includes/16-00hrsUTC.rst
**Q. Does the country code look-up API return the countries to which Yubico can ship, or does it return all countries in the world?**
A. It returns all the countries in the world. Currently we can ship only to the countries named in :ref:`del-pol-label`.
**Q. What do you do with the** ``zip_code`` **field if it is not applicable, for example, for Canada and the EU countries?**
A. Leave the ``zip_code`` field blank and use the ``postal_code`` field instead.
**Q. Do I need to validate addresses via the API prior to submitting them?**
A. "Pre-qualifying" the address does not eliminate the address validation step. Every shipping request is sent for address validation. Status is updated when address validation is complete. Once the request reaches the "Accepted for Fulfillment" status, it has passed the address validation phase. If the status is "Incomplete Address", edit or delete the request. See :ref:`incompletes-label`.
-------------------------------------
To file a support ticket for YubiEnterprise Delivery, click `Support `_.