Manage API access keys

This topic explains how to generate and manage API access keys for secure API interactions.

The ability to generate Access Keys is an important security feature, allowing authorized users to access, examine and use relevant AlgoSec APIs.

Access the API Access tab

Do the following:

  1. Hover over the Settings icon at the lower left of your screen. Settings options are displayed.

  2. Click on Access Management.

    The Access Management page is displayed.

  3. Select the API Access tab.


From the API Access tab you can:

  • View an API Access Key

  • Add a new API Access Key

  • Edit an Access Key

  • Delete an API Access Key

View an API Access Key

When you view an API access key, you can copy the Client ID and the Client secret, but you cannot edit any fields.

Do the following:

  1. Click on the vertical ellipsis to the right of the access key to view.

  2. On the options pop-up menu that is displayed, click View.

  3. To get the API Token required for AlgoSec Cloud authorization, copy the Client ID and Client Secret to use in the Log in to the Tenant endpoint.

  4. When you finish with the Access key view, click Done to close it.


Add a new API Access Key

Do the following:

  1. From Settings > Access Management > API Access tab, click +Add key.
    The Add Access Key dialog is displayed.

  2. Fill in the fields as indicated in this table, and then click Add in the lower right corner:

    Field: Description

    Access key name: Any meaningful text

    Role: Select one or more roles from the System Role drop down:

      • Admin - Read/write permission to User Management, ASMS Integration, Accounts and all resources (Risks, Inventory and Network Policies).

      • Security manager - Read/write permission for Accounts and all resources (Risks, Inventory and Network Policies).

      • Auditor - Read-only permissions for Accounts and all resources (Risks, Inventory and Network Policies).

    API access session timeout: Minutes. Current value is 60 minutes and is editable.

Edit an Access Key

To edit an access key, do the following:

  1. Click on the vertical ellipsis to the right of the access key that needs editing.

  2. On the options pop-up menu that is displayed, click Edit. The Edit access key dialog is displayed.

  3. Optionally edit or use fields as follows:

    Field: Description

    Access key name: Edit freely.

    Roles: Select one or more roles from the SystemRoles dropdown list.

    Client ID: Copy this to a safe place. You cannot edit the Client ID.

    Client secret: Copy this to a safe place. You cannot edit the Client secret.

    API access timeout: You can edit the number of minutes.

  4. Click Save to keep your changes or Cancel to discard them.

Delete an API Access Key

Deleting an API access key is very simple:

Do the following:

  1. Click on the vertical ellipsis to the right of the access key you wish to delete.

  2. On the options pop-up menu that is displayed, click Delete.
    A confirmation Delete access key dialog is displayed, showing the name of the API access key to be deleted.

  3. Click Yes to delete the key.

    Note: You can click No to close the dialog without deleting the API access key.