How to Manage API Keys

As an ALM site administrator, generate and manage API keys using the API Key Management page. On this page, you can create and delete keys, and also revoke or regenerate keys.

Note: If you deactivate or delete a user in ALM administration, the user's API keys are also deleted.

SaaS: When managing API Keys, the options vary depending on the currently logged in customer administrator.

  1. Define API Key expiration time (Optional)

    By default, API Keys do not expire unless revoked. To set an expiration time, you can define the APIKEY_EXPIRE_DAYS site parameter. The default value is set "-1", meaning that there is no expiration time. To set expiration time, set the number of N days. The API Key will expire after the specified number of days.

    To define a site parameter, see Setting ALM Configuration Parameters.

    Note: The APIKEY_EXPIRE_DAYS site parameter has no effect on already created API Keys.

  2. Open the API Keys window

    On the Application Lifecycle Management Options window, click the API Keys link. In the API Keys Login window, enter user name and password.

  3. Manage API Keys

    Create New API Key

    Click API Access Key to create a new key.

    Provide an API Key Name and Description for the key, as well as the User to associate with the key. The user permissions are granted to any application that authenticates using this API key.

    SaaS: The list of available users varies depending on the currently logged in customer administrator.

    You receive a Client ID and API Key Secret, which you need to provide to the person who needs to use this key for authentication.

    Tip: Make a secure record of these, as the secret cannot be retrieved again. If it is lost, you will need to revoke the key and regenerate it to receive a new secret.
    Delete Key Select a Client ID from the API Keys Management page. Click Delete Key.
    Revoke API Key

    To temporarily block a specific API key from accessing ALM, revoke this API Key.

    Select a Client ID from the API Keys Management page. Click Revoke Key.
    Regenerate Key

    You can regenerate a revoked API key, which reactivates the key and provides a new API Key Secret to use with the original Client ID.

    Select a revoked Client ID from the API Keys Management page. Click Regenerate Key.
    Refresh Refreshes the API Keys Management page.

Back to top