Generate API Keys
Last modified on February 1, 2023
The StrongDM API allows for programmatic management of users, permissions, and resources within an organization.
To use the StrongDM API, you need to have an API
secret key. These keys authorize every request when managing objects with the API, so please keep them safe.
From the Admin UI’s Access > API & Admin Tokens section, you can view, add, clone, and delete API keys.
How to add API keys
- On the API & Admin Tokens section of the Admin UI, click Add API key.
- On the Create API Key page that displays, enter a name, determine when the credentials expire, and specify the scope of permissions.
- Click Create.
- Save the set of ID and secret keys that are shown.
Cloning creates a new pair of keys with the same set of permissions as the original set.
Once deleted, API keys are instantly invalidated, preventing any further API requests from being made.
How to Use Keys
StrongDM has four language-specific SDKs and a Terraform provider. The following SDKs contain more information on the respective options.
What About the CLI?
The StrongDM CLI remains a convenient way of managing StrongDM resources with your user credentials. Please see the CLI reference docs for more information about the CLI.
API Keys Created by Suspended Users
What happens to API keys that are owned by a suspended user? API keys and admin tokens are still usable even if the user who created them is suspended.
When suspending a user, the Admin UI lists the keys and tokens created by that user and asks if the tokens should be deleted. Select No to keep them.
After confirming suspension, you can see in section Access > API & Admin Tokens that the admin tokens and/or API keys continue to be owned by the suspended user. Because API keys are a public/private pair, new keys need to be created and the old keys need to be deleted when any automation systems use the new keys. For an admin token that is still needed, rotate the credentials to deactivate the existing token secret and generate a new one.
If you have any questions or need assistance, please email firstname.lastname@example.org.