S3 Keys

In order to facilitate sending us your data, we create an Amazon S3 bucket for your school, and we provide you credentials to access it.

If, for example, your bucket name is private-iqu, you should write your files into private-iqu/production/warehouse/ to make that file available to our production server, or into private-iqu/qa/warehouse/ to make that file availble to our qa server.

For initial setup, you can access the security keys in AlumnIQ Platform Admin, in the Security module, under the section, "S3 Keys". Signature Events customers will be provided your initial keys via secure file transfer.

Scheduled Key Rotations

S3 keys will be automatically rotated quarterly. To facilitate you keeping your keys up to date without interruption, we provide a period of ten days in which both the new and the old key are active. New keys are created on the 10th of January, April, July, and October. The prior key won't be deactivated until the 20th day of the same month.

For AlumnIQ Platform customers, an API resource is available with which you may look up your new key in an automated fashion. If you so choose, or if you don't have the capability to automate, you can make arrangements to manually update your keys per the above schedule. To facilitate manual updates, your keys will be available in the Security / S3 Keys screen in admin.

For Signature Events customers who don't also use AlumnIQ Platform, your updated keys will be available in the root of your S3 bucket as a file named aws-keys-next.txt. It will be created/updated on key rotation days. If you would like to delete the file after you have updated your keys, you may.

S3 Key lookup API (AlumnIQ Platform customers)

If using the AlumnIQ Platform API to get your new S3 Access Key and Secret Key, send a POST request to /api/v1/index.cfm/aws/accesskey. The request body should be a JSON object including your AlumnIQ API Key, and your current (soon-expiring) Access Key.

{
  "apikey": "98A8...83F3",
  "accesskey": "AKIA...BGP4"
}

Please be careful to NOT include your SecretKey in the request.

Assuming your api key and access key are valid, the response will contain your new access key and secret key:

{
  "AccessKey": "AKIA...JAEM",
  "SecretKey": "C4Qd...emjH"
}

Last updated