What is the WebApiSecret key for, and can it be automatically generated?

The WebApiSecret key is used to ensure that the authentication token used by the REST API has not been tampered with in transit. The token is generated using multiple data points and this is one of them. The keys configured in the Enterprise Web.config file must match the Web API Web.config file in order for users to authenticate to the REST API.

The WebApiSecret key can be any combination of UTF-8 characters in plain text with a recommended size of 64 bytes. You can create them manually or search for a tool that will generate one for you.