Generate API Keys

Last modified on February 10, 2023

The StrongDM API allows for programmatic management of users, permissions, and resources within an organization.

API Credentials

To use the StrongDM API, you need to have an API ID and secret key. These keys authorize every request when managing objects with the API, so please keep them safe.

From the Admin UI’s Access > API & Admin Tokens section, you can view, add, clone, and delete API keys.

API & Admin Tokens

How to add API keys

  1. On the API & Admin Tokens section of the Admin UI, click Add API key.
  2. On the Create API Key page that displays, enter a name, determine when the credentials expire, and specify the scope of permissions.
  3. Click Create.
  4. Save the set of ID and secret keys that are shown.

Clone keys

Cloning creates a new pair of keys with the same set of permissions as the original set.

Delete keys

Once deleted, API keys are instantly invalidated, preventing any further API requests from being made.

How to Use Keys

StrongDM has four language-specific SDKs and a Terraform provider. The following SDKs contain more information on the respective options.

What About the CLI?

The StrongDM CLI remains a convenient way of managing StrongDM resources with your user credentials. Please see the CLI reference docs for more information about the CLI.

API Keys Created by Suspended Users

What happens to API keys that are owned by a suspended user? API keys and admin tokens are still usable even if the user who created them is suspended.

When suspending a user, the Admin UI lists the keys and tokens created by that user and asks if the tokens should be deleted. Select No to keep them.

Suspend User Dialog

After confirming suspension, you can see in the Access > API & Admin Tokens section that the admin tokens and/or API keys continue to be owned by the suspended user. Because API keys are a public/private pair, new keys need to be created, and the old keys need to be deleted once any automation systems use the new keys. For an admin token that is still needed, rotate the credentials to deactivate the existing token secret and generate a new one.
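The offboarding check described above can be run over a credential inventory. This is an added example, not StrongDM code: the record fields, names, and sample data are constructed for illustration and do not reflect a StrongDM export format. It lists credentials still owned by suspended users, those without an expiry first, with the follow-up this page gives for each kind.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Credential:
    name: str
    kind: str                 # "api_key" or "admin_token"
    owner: str                # account that created the credential
    expires: Optional[date]   # None means no expiry was set

# Constructed sample data; names and fields are hypothetical.
INVENTORY = [
    Credential("ci-deploy", "api_key", "alice@example.com", date(2023, 6, 1)),
    Credential("terraform", "api_key", "Bob@example.com", None),
    Credential("relay-bootstrap", "admin_token", "bob@example.com", date(2023, 3, 15)),
    Credential("reporting", "api_key", "carol@example.com", date(2024, 1, 1)),
]
SUSPENDED = {"bob@example.com"}

ACTIONS = {
    # API keys are replaced: new pair first, old pair deleted last.
    "api_key": "create new key, switch automation to it, delete old key",
    # Admin tokens that are still needed are rotated instead.
    "admin_token": "rotate to deactivate the old secret and issue a new one",
}

def orphaned_credentials(inventory, suspended):
    """Return credentials owned by suspended users, longest-lived first."""
    owners = {s.lower() for s in suspended}
    hits = [c for c in inventory if c.owner.lower() in owners]
    # No expiry sorts first, then the latest expiry date.
    return sorted(hits, key=lambda c: (c.expires is not None,
                                       -(c.expires.toordinal() if c.expires else 0)))

def remediation_plan(inventory, suspended):
    """Pair each orphaned credential with the follow-up for its kind."""
    plan = []
    for c in orphaned_credentials(inventory, suspended):
        expiry = c.expires.isoformat() if c.expires else "never"
        plan.append((c.name, c.kind, expiry, ACTIONS[c.kind]))
    return plan

if __name__ == "__main__":
    for row in remediation_plan(INVENTORY, SUSPENDED):
        print(" | ".join(row))
```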

If you have any questions or need assistance, please email