Create an API Key

1. Create an API Key

API Keys are used to authenticate API requests. Create as many API keys as you like, each one may be limited in ability to minimize security risk.

For example, the User API /api/user has four HTTP methods, GET, POST, PUT and DELETE. While each API may have different semantics, in a general sense you can think of these four HTTP methods as being retrieve, create, update and delete respectively. With that in mind, if you’d like to create an API key that can only retrieve users, you would limit the API key to the GET method on the /api/user API.

When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.

Once an API key has been created it may be used to make API calls. See API Authentication for more information.

Navigate to Settings API Keys to manage API keys.

Create an API Key
Table 1. Form Fields


A unique key to be utilized to authorize API requests using the Authorization header.


An optional description of how this API key will be utilized.


The optional tenant to which this API key will be assigned. This value cannot be changed once the API key is created. This field is only displayed when more than one tenant exists. When you assign an API key to a tenant, you will only be able to operate on users, applications, and groups in the selected tenant.


Select one or more endpoints this API key will be authorized to access. Selecting no endpoints will authorize this key to all API endpoints.