Manage API access keys
This topic explains how to generate and manage API access keys for secure API interactions.
The ability to generate Access Keys is an important security feature, allowing authorized users to access, examine and use relevant AlgoSec APIs.
Access the API Access tab
Do the following:
-
Hover over the Settings icon at the lower left of your screen. Settings options are displayed.
-
Click on Access Management.
The Access Management page is displayed.
-
Select the API Access tab.
From the API Access tab you can:
-
View an API Access Key
When you view an API access key you can copy the Client ID and the Client secret but you cannot edit any fields.
Do the following:
-
Click on the vertical ellipsis to the right of the access key to view.
-
On the options pop-up menu that is displayed, click view.
-
To get the API Token required for AppViz (SaaS) authorization, copy the Client ID and Client Secret to use in the Log in to the Tenant endpoint.
-
When you finish with the Access key view, click Done to close it.
-
Add a new API Access Key
Do the following:
-
From Settings > Access Management > API Access tab, click +Add key.
The Add Access Key dialog is displayed: -
Fill in the fields as indicated in this table, and then click Add in the lower right corner:
Field Description Access key name Any meaningful text Role Select one or more roles from the Role drop down:
-
Admin - Read/write permission to User Management, ASMS Integration, Accounts and all resources.
-
User - Permissions are defined per individual user by the admin. See Manage API access keys.
API access session timeout Minutes. Current value is 60 minutes and is editable.
-
Edit an Access Key
To edit an access key:
Do the following:
-
Click on the vertical ellipsis to the right of the access key that needs editing.
-
On the options pop-up menu that is displayed, click Edit. The Edit access key dialog is displayed.
-
Optionally edit or use fields as follows:
-
Click Save to keep your changes or Cancel to discard them.
Field | Description |
---|---|
Access key name | Edit freely. |
Roles | Select one or more roles from the SystemRoles dropdown list. |
Client ID | Copy this to a safe place. You cannot edit the Client ID. |
Client secret | Copy this to a safe place. You cannot edit the Client secret. |
API access timeout. | You can edit the number of minutes. |
Delete an API Access Key
Deleting an API access key is very simple:
Do the following:
-
Click on the vertical ellipsis to the right of the access key you wish to delete.
-
On the options pop-up menu that is displayed, click delete.
A confirmation Delete access key dialog is displayed, showing the name of the API access key to be deleted. -
Click Yes to delete the key.
Note: You can click No to close the dialog without deleting the API access key.