Skip to content

Manage API keys

Use API keys to connect Zero Touch PKI to your environment. The Zero Touch PKI API uses Hawk authentication, which combines a public ID with a private secret.

In Zero Touch PKI, you can add up to ten API keys for your account, or for a user with the Service Requestor role.

Use Service Requestors for API integrations

For security, CyberArk recommends the Service Requestor role for all API integrations. This role can't access the Zero Touch PKI user interface and is designed for machine identities.

Lost API keys

Hawk keys appear only once, at API key creation. You can roll lost keys to generate a new secret.

Prerequisites

  • To add API keys for Service Requestors, you must be an Account Admin or Organization Admin.

To add an API key

  1. Sign in to Zero Touch PKI.
  2. Click Users.
  3. Click the Service Requestor user to add a key for.

  4. In API Keys, click Add API Key.

    Adding an API key

  5. In API Key Details, copy the ID and Key.

  6. Click Close.
  1. Sign in to Zero Touch PKI.
  2. At top right, click your user profile > Manage Profile.
  3. In API Keys, click Add API Key.
  4. In API Key Details, copy the ID and Key.
  5. Click Close.

To edit an API key

  1. Sign in to Zero Touch PKI.
  2. Click Users.
  3. Click the Service Requestor user.

  4. In API Keys, click the key to edit.

    Editing an API key

  5. In Edit API Key, do one of the following:

    • Roll the key: Click Roll. Copy the new key and click Close.
    • Delete the key: Click Remove. Then, click Confirm.
    • Add a comment: Enter a comment and click Confirm.
  1. Sign in to Zero Touch PKI.
  2. At top right, click your user profile > Manage Profile.
  3. In API Keys, click the key to edit.

  4. In Edit API Key, do one of the following:

    • Roll the key: Click Roll. Copy the new key and click Close.
    • Delete the key: Click Remove. Then, click Confirm.
    • Add a comment: Enter a comment and click Confirm.