Skip to content

Obtaining an API Key

The API key, which generates during account registration, provides data access via the REST API.

Below are two ways to obtain an API key. Choose the one you are most comfortable with:

  • TLS Protect Cloud console

  • VCert


  • Active API key - the (new key) that will continue to be active after the old key is deactivated.
  • Pending API key - the previously active (old key) that is being replaced by the now active key. Note that the pending key will remain active for its validity period until it expires or the user takes the action to delete it.

To obtain an API key (using the TLS Protect Cloud console)

  1. Log in to TLS Protect Cloud.

  2. In the menu bar, click your avatar in the top-right corner, and then click Preferences.

  3. On the API Keys tab, click copy button to copy your API key.

To obtain an API key (using VCert)

  1. Download Venafi VCert from the GitHub repository at Under the "Assets" section are the binaries for each one of the supported OS versions. Select the appropriate OS.

  2. Unzip the file and double-click to run the VCert executable file.

  3. Open your terminal and run the vcert command along with desired options. Below are the parameters you can select; the only required field is "email."

    ./vcert getcred --email <email address> [--password <password>] [--format (text|json)] 
    Parameters Required Description
    email required The email you will receive your activation link for your API key.
    password optional When supplied, the specified password will allow the user to log into the TLS Protect Cloud web console.
    format optional JSON file.


    If the option of --format json is used, the output will include apiKey data from the API response, including userId, username, companyId, apiKeyStatus, creationDate, and validityStartDate.

    For example:

    ./vcert getcred --email 

    This returns and inactive API key. Follow the next step to activate it.

  4. You will be sent an activation email. Complete the registration and activate your API key.

Using the API key in REST calls

For every REST API call you make to TLS Protect Cloud, pass the Content-type and the tppl-api-key key value.

For example:

Content-Type: application/json

API Key Reset

If an administrator checks the API Key Reset option for a user, that user will be able to call the POST API or use the vcert getcred --email command to re-register for a new API key.

What's next?