API access keys

The API Access tab lets administrators view and generate access keys for users.

Access key details

Access keys provide client IDs and secret keys that can be used with Public API, On-premises load generators, LoadRunner Cloud agents, and CI tools instead of password authentication.

You view and generate access keys in the Project management > API Access tab.

For each access key, the following columns are displayed:

  • Client ID. The client ID issued as the access key.

  • User. A user who has been granted multiple access keys will appear multiple times.

  • Email. The user's email.

  • Created On. The date the access key was created.

  • Age. The age, in days, of the access key.

  • Last Access. The date that the access key was last accessed.

Back to top

Create or revoke access keys

The API Access tab lets you create or revoke access keys.

To create a new access key:

  1. Click the * Create button.
  2. In the Create access key window, select a user.
  3. Click Create.
  4. Copy the client ID and secret key and send it to the user.

    Caution: This is the only time you will have access to the secret key—it will only be displayed once, when it is generated. When you create an access key pair, save it in a secure location. If you lose your secret key, you must delete the access key and create a new one.

  5. To return to LoadRunner Cloud, click Back to working area.

To revoke an access key:

  1. Click the X Revoke button.
  2. Select the user for whom you want to revoke the key.
  3. Click Revoke.

Back to top

Access key guidelines and best practices

The following guidelines and best practices apply when working with the LoadRunner Cloud access keys:

  • A user cannot have more than two access keys at a given time. This encourages you to rotate the active keys. To assign a new access key to a user with two access keys, revoke an existing one.
  • Access keys are per tenant. If the same user exists in multiple tenants, the user must have a separate access key for each tenant.
  • Access keys are long-term credentials for a user and have no expiration date. LoadRunner Cloud does not enforce an expiration policy.

  • Do not embed access keys directly into your code.

  • Rotate access keys periodically at least once a year.

  • Remove unused access keys.

Your organization may have different security requirements and policies than those described in this section. The suggestions provided here are intended as general guidelines.

Caution: Do not share your access keys with a third party. By doing this, you might give someone permanent access to your account.

Back to top

See also: