How to Manage API Keys

As an ALM site administrator, you can generate and manage API keys using the API Key Management page. On this page, you can create and delete keys, and also revoke or regenerate keys.

Note: If you deactivate or delete a user in ALM administration, the user's API keys are also deleted.

SaaS: When managing API Keys, the options vary depending on the currently logged in customer administrator.

As a basic user, what you can do with the API keys associated with you depends on the setting of the APIKEY_SELF_SERVICE_LEVEL site parameter. For details about the parameter, see ALM Site Parameters.

  1. (Optional) Define API Key expiration time.

    By default, API Keys do not expire unless revoked. To set an expiration time, you can define the APIKEY_EXPIRE_DAYS site parameter. The default value is set to "-1", meaning that there is no expiration time. To set expiration time, set the number of N days. The API Key will expire after the specified number of days.

    To define a site parameter, see Setting ALM Configuration Parameters.

    Note: The APIKEY_EXPIRE_DAYS site parameter has no effect on already created API Keys.

  2. Open the API Keys window.

    On the Application Lifecycle Management Options window, click the API Keys link. In the API Keys Login window, enter user name and password.

  3. Manage API Keys.

    Create New API Key

    Click API Access Key to create a new key.

    Provide an API Key Name and Description for the key, as well as the User to associate with the key. The user permissions are granted to any application that authenticates using this API key.

    SaaS: The list of available users varies depending on the currently logged in customer administrator.

    You receive a Client ID and API Key Secret, which you need to provide to the person who needs to use this key for authentication.

    Tip: Make a secure record of these, as the secret cannot be retrieved again. If it is lost, you will need to revoke the key and regenerate it to receive a new secret.

    The maximum number of API keys you can create for a user is restricted by the APIKEY_MAX_NUM_PER_USER site parameter. You cannot create or regenerate API keys for the user once the limit is reached. For details about the parameter, see ALM Site Parameters.
    Delete Key

    Select a Client ID from the API Keys Management page. Click Delete Key.

    The API key owner will receive a notification email that the key is deleted. If you are a basic user with full control of your API keys, you will not receive notifications when you delete your own API keys.
    Revoke API Key

    Revoke an API key when you want to temporarily block the API key from accessing ALM.

    To revoke an API key, select its client ID from the API Keys Management page, and click Revoke Key.

    The API key owner will receive a notification email that the key is revoked. If you are a basic user with full control of your API keys, you will not receive notifications when you revoke your own API keys.
    Regenerate Key

    You can regenerate a revoked API key, which reactivates the key and provides a new API Key Secret to use with the original Client ID.

    Select a revoked Client ID from the API Keys Management page. Click Regenerate Key.
    Refresh Refreshes the API Keys Management page.
    Check Expiration Date

    The Expiration Date column displays when API keys expire.

    If an API key expires within 10 days, a warning appears next to the expiration date: Will expire in <N> days. The API key will expire at midnight (12:00 a.m.) on the expiration day.

     

Back to top