Manage API keys¶
Use API keys to connect Zero Touch PKI to your environment. The API uses Hawk authentication, which combines a public ID with a private secret that appears only at key creation.
In Zero Touch PKI, you can add up to ten API keys for your own user or for a user with the Service Requestor role. You can also delete API keys or roll them (replace their secret).
Use Service Requestors for API integrations
For security, CyberArk recommends Service Requestors for all API integrations. This role can't access the Zero Touch PKI user interface and is designed for machine identities. See User roles.
Prerequisites¶
- To add API keys for Service Requestors, you must be an Account Admin or Organization Admin.
To add API keys for Service Requestors¶
- Sign in to Zero Touch PKI.
- Click Users.
- Click the Service Requestor user to add a key for.
-
In API Keys, click Add API Key.
-
In API Key Details, copy the ID and Key.
Note
The key isn't shown again. If you lose it, you'll need to roll it.
-
Click Close.
To edit API keys for Service Requestors¶
- Sign in to Zero Touch PKI.
- Click Users.
- Click the Service Requestor user.
-
In API Keys, click the key to edit.
-
In Edit API Key, do one of the following:
- Click Roll. Copy the new key and click Close.
- Click Remove. Then, click Confirm.
- Enter a comment and click Confirm.
To add API keys for your account¶
- Sign in to Zero Touch PKI.
- At top right, click your user profile > Manage Profile.
- In API Keys, click Add API Key.
-
In API Key Details, copy the ID and Key.
Note
The key isn't shown again. If you lose it, you'll need to roll it.
-
Click Close.
To edit API keys for your account¶
- Sign in to Zero Touch PKI.
- At top right, click your user profile > Manage Profile.
- In API Keys, click the key to edit.
- In Edit API Key, choose one of the following:
- Enter a comment and click Confirm.
- Click Roll. Copy the new key and click Close.
- Click Remove. Then, click Confirm.