Skip to main content
Feedback

Keyless Plans

A Keyless Plan is used to call a deployed API without an API Key.

Because the API Gateway requires the API Key be included in the X-API-KEY header, Keyless Plans are primarily used when you are required to bypass the required X-API-KEY header in the Shared Web Service SOAP Client connector. We recommend Keyless Plans only for the scenario when existing applications do not insert the required X-API-KEY header and cannot be reconfigured.

caution

We recommend against setting a Keyless Plan on any deployed API with an authentication of API Key Controlled. A Keyless Plan on an API Key Controlled authentication removes all authentication on the deployed API meaning that your deployed API is unsecured and is at risk of being misused.

With a Keyless Plan enabled, you can call an API with a valid API Key or without one. In the case of an API call without a valid API Key, a subscription is not necessary. Because the client IP address is used for rate and quota calculations, you should review your usage limits on any deployed API that uses a Keyless Plan.

You can set up Keyless Plans using the GraphQL Deployed API category. You can use the Gateway category Gateway Update mutation (gatewayUpdate) for all deployed APIs on the API Gateway.

Alternatively, you can also set a Keyless Plan for a plan on the Deployed APIs Plans page. To do this, turn on Use a Keyless Plan option and then select the plan you want to use as Keyless.

Tips for working with the Keyless Plans GraphQL mutations

There are three fields to specify for a Keyless Plan mutation. The apiDeploymentId is required. planIds and keylessPlanId are optional. However, if you have planIds and leave the planIds field empty, API Plan associations through the mutation are deleted. Include the Plan IDs that you do not want to delete in the planIds field. Any IDs not included in the planIds field will be deleted.

To add new or additional API Plan associations to the Plan IDs, include your existing Plan IDs and the new Plan IDs that you want to add to the planIds field. If you do not include all Plan IDs that you want to keep, any IDs not included in the planIds field will be deleted.

On this Page