API access keys
The API Access tab allows admins to view and generate access keys for other users.
Access key details
Access keys provide client IDs and secret keys that can be used with Public API, On-premises load generators, LoadRunner Cloud agents, and CI plugins instead of password authentication.
To view and generate access keys, go to LoadRunner Cloud banner > Settings > Management > API Access.
For each access key, the following columns are displayed:
Client ID. The client ID issued as the access key
User. A user who has been granted multiple access keys appears multiple times
Email. The user's email
Created On. The date the access key was created
Age. The age, in days, of the access key
Last Access. The date that the access key was last accessed
Create or revoke access keys
The API Access tab lets you create or revoke access keys.
To create a new access key:
- Click the * Create button.
- In the Create access key window, select a user.
- Click Create.
Copy the client ID and secret key and send it to the user.
Caution: This is the only time you will have access to the secret key—it is only displayed once, when it is generated. When you create an access key pair, save it in a secure location. If you lose your secret key, you must delete the access key and create a new one.
To return to LoadRunner Cloud, click Back to working area.
To revoke an access key:
- Select the user for whom you want to revoke the key.
- Click the X Revoke button.
- Click Revoke.
Access key guidelines and best practices
The following guidelines and best practices apply when working with the LoadRunner Cloud access keys:
- A user cannot have more than two access keys at a given time. This encourages you to rotate the active keys. To assign a new access key to a user with two access keys, revoke an existing one.
- Access keys are per tenant. If the same user exists in multiple tenants, the user must have a separate access key for each tenant.
LoadRunner Cloud does not enforce an expiration policy. However, we strongly recommend rotating access keys periodically.
The recommended lifetime of an access key is 90 days. Using an access key for more than 12 months is considered bad security and is not recommended. A warning icon is displayed in the Tenant Management > Assets > API Access area when these recommended times are exceeded.
Do not embed access keys directly into your code.
Remove unused access keys.
Your organization may have different security requirements and policies than those described in this section. The suggestions provided here are intended as general guidelines.
Caution: Do not share your access keys with a third party. By doing this, you might give someone access to your account.