API keys
The REST API for STA and the SCIM API for STA use API keys for authentication. An API key is a shared secret that is generated in STA and used to connect to the associated API. The API key provides full access to the APIs.
You can generate multiple API keys for each virtual server. When you generate an API key, you map it to a service account. The service account is a user account that determines which accounts (tenants) and virtual servers the API key has permission to access. Multiple API keys can be mapped to the same service account.
You must copy or download (or both) the API key when you generate it. API keys are not stored on the STA Access Management console, and cannot be viewed or downloaded from the console later.
Changes to the API keys are recorded in the audit logs, so that you can audit the access and usage of the STA services. The audit logs include the user IDs for the service accounts that are associated with the API keys.
If you are starting out with STA APIs and you don't have an API key, see Getting started.
Generate an API key
When you generate an API key, download it as a text file that contains the key in plain text. The text file uses the following filename format:
APIKey-<API key name>-<created date>.key
-
On the STA Access Management console, select Settings > API Keys.
-
Select Generate API Key.
-
On the Generate New API Key dialog box, enter a friendly Name so that the key is easy to identify and manage.
-
In the Service Account field, search for the user ID to associate with the API key. Each API key can be associated with only one service account.
-
Select Next.
-
To copy the API key, select Show and then select the Copy to clipboard icon.
API keys are not stored on the STA Access Management console, and cannot be viewed or downloaded later. Make sure that you copy or download the API key, so that you can use it later.
-
Select Download and then select Finish.
The API is downloaded as a text file that contains the key in plain text, and uses the following filename format:
APIKey-<API key name>-<created date>.key
The new API key is listed on the API Keys screen.
Renew an API key
Renew an API key to extend the expiry date.
-
On the STA Access Management console, select Settings > API Keys.
-
Expand the menu for the API key and select Renew.
-
On the Renew API Key dialog box, select Renew.
The expiry date is extended and the new date is displayed.
Replace an API key
If you need to replace an API key, such as when a key is lost, delete the old key and then generate a new key.
Delete an API key
Deleting an API key revokes access to the underlying API services.
Since the API key isn't stored in the STA Access Management console, when a key is lost, you need to delete the lost key to revoke access, and then generate a new key.
To change the user ID that is associated with an API key, delete the key and generate a new key for the new user ID.
-
In the list of API keys, locate the API key that you want to delete.
-
Expand the menu for the API key and select Delete.
-
On the confirmation message, select Delete.
Rename an API key
The only change that you can make to an API key is to rename it.
-
In the list of API keys, locate the API key that you want to rename.
-
Expand the menu for the API key and select Edit.
-
On the Edit API Key dialog box, enter the new Name, and then select Save.
The new name is displayed on the API Keys page.