How to Manage API Keys
As an ALM site administrator, generate and manage API keys using the API Key Management page. On this page, you can create and delete keys, and also revoke or regenerate keys.
Note: If you deactivate or delete a user in ALM administration, the user's API keys are also deleted.
SaaS: When managing API Keys, the options vary depending on the currently logged in customer administrator.
-
Define API Key expiration time (Optional)
By default, API Keys do not expire unless revoked. To set an expiration time, you can define the
APIKEY_EXPIRE_DAYS
site parameter. The default value is set "-1", meaning that there is no expiration time. To set expiration time, set the number ofN
days. The API Key will expire after the specified number of days.To define a site parameter, see Setting ALM Configuration Parameters.
Note: The
APIKEY_EXPIRE_DAYS
site parameter has no effect on already created API Keys. -
Open the API Keys window
On the Application Lifecycle Management Options window, click the API Keys link. In the API Keys Login window, enter user name and password.
-
Manage API Keys
Create New API Key Click API Access Key to create a new key.
Provide an API Key Name and Description for the key, as well as the User to associate with the key. The user permissions are granted to any application that authenticates using this API key.
SaaS: The list of available users varies depending on the currently logged in customer administrator.
You receive a Client ID and API Key Secret, which you need to provide to the person who needs to use this key for authentication.
Tip: Make a secure record of these, as the secret cannot be retrieved again. If it is lost, you will need to revoke the key and regenerate it to receive a new secret.
Delete Key Select a Client ID from the API Keys Management page. Click Delete Key. Revoke API Key To temporarily block a specific API key from accessing ALM, revoke this API Key.
Select a Client ID from the API Keys Management page. Click Revoke Key.
Regenerate Key You can regenerate a revoked API key, which reactivates the key and provides a new API Key Secret to use with the original Client ID.
Select a revoked Client ID from the API Keys Management page. Click Regenerate Key.
Refresh Refreshes the API Keys Management page.