Managing API keys
An API key is a unique identifier used for authentication of a user, developer, or calling program to an API. API keys are often used for tracking and controlling how the interface is used, to prevent abuse of the API.
API keys overview
By default, the API keys are disabled in the Management Console. To enable the API keys, go to the Settings section. A tenant admin can revoke API keys and edit the API keys settings, but to generate or delete API keys, you must have the role developer. A tenant admin assigns the role developer to a user. If you are a tenant admin, you can assign the role developer to yourself.
The API keys table shows the following information about the API keys: name, ID, owner, last update, creation date, expiry date, and status. Use the search field to search in the first three fields: Key name, Key ID, and Owner.
API key statuses
API keys can have the following statuses:
- Active: the API key is in use.
- Expired: the expiry date has been reached.
- Revoked: the API key has been revoked and can no longer be used.
As an admin, you can review the API key activities registered in the Events section in the Management Console. If suspicious activities are detected, such as, extensive use of a certain API key, you can revoke that API key. Open the detailed list by clicking the arrow to the far right in the table and copy the ID of the API key. You can then search for the ID in the API keys section to find the API key to revoke.
To revoke a single API key, click the button ... to the far right and select Revoke. You can only revoke keys with the status Active. To revoke multiple keys, select the check boxes to the left of the keys to revoke and click Revoke in the top right corner. Revocation is irreversible, a revoked API key cannot be re-activated.
In addition to revocation there is the delete option. You can delete an API key from the hub, but not in the Management Console.
The setting Enable API keys is turned on in the Management Console on the Settings page. By default, the API keys are disabled in the Management Console.
|Enable API keys||
This switch enables or disables all the API keys in the tenant. Only the tenant admin can enable the API keys.
|Change maximum token expiration||
By changing the token expiration value, all new tokens will have the new expiration value. Already existing APIs will not be affected by the change, they will have the same expiration value as before.
|Change maximum of API keys per user||
This setting only affects new API keys. If a new API key makes the total number exceed the maximum number, creation is denied.
Do the following:
- In the Management Console, go to the Settings page.
- Under the API keys section, switch on the Enable API keys button.
- If applicable, change the Change maximum token expiration and the Change maximum of API keys per user settings.
Generating an API key from the hub
You can generate API keys from the hub. Before you start, make sure that the following two requirements are fulfilled:
- The setting Enable API keys is turned on in the Management Console.
- The tenant admin has assigned the role developer to you.
Do the following:
Log onto your tenant, for example, https://<tenantname>.com.
Click your profile in the top right corner and select Profile settings.
Select API keys.
Click Generate new key.
Enter an API key description and select when the API key should expire.
An API key is generated.
Copy the API key and store it in a safe place.
After creation, you can edit the name of the API key. You can also delete it.