API access keys
The API Access tab allows admins to view and generate access keys for other users.
Access key details
To view and generate access keys, go to LoadRunner Cloud banner > Settings > Management > API Access.
For each access key, the following columns are displayed:
Client ID. The client ID issued as the access key
User. A user who has been granted multiple access keys will appear multiple times
Email. The user's email
Created On. The date the access key was created
Age. The age, in days, of the access key
Last Access. The date that the access key was last accessed
Create or revoke access keys
The API Access tab lets you create or revoke access keys.
To create a new access key:
- Click the * Create button.
- In the Create access key window, select a user.
- Click Create.
Copy the client ID and secret key and send it to the user.
Caution: This is the only time you will have access to the secret key—it will only be displayed once, when it is generated. When you create an access key pair, save it in a secure location. If you lose your secret key, you must delete the access key and create a new one.
To return to LoadRunner Cloud, click Back to working area.
To revoke an access key:
- Select the user for whom you want to revoke the key.
- Click the X Revoke button.
- Click Revoke.
Access key guidelines and best practices
The following guidelines and best practices apply when working with the LoadRunner Cloud access keys:
- A user cannot have more than two access keys at a given time. This encourages you to rotate the active keys. To assign a new access key to a user with two access keys, revoke an existing one.
- Access keys are per tenant. If the same user exists in multiple tenants, the user must have a separate access key for each tenant.
Access keys are long-term credentials for a user and have no expiration date. LoadRunner Cloud does not enforce an expiration policy.
Do not embed access keys directly into your code.
Rotate access keys periodically at least once a year.
Remove unused access keys.
Your organization may have different security requirements and policies than those described in this section. The suggestions provided here are intended as general guidelines.
Caution: Do not share your access keys with a third party. By doing this, you might give someone permanent access to your account.