Manage API Keys

As a Portal Admin or API Owner, you manage API keys, including the default API key, by adding, editing, disabling, and deleting them. When a user adds an application to API Portal, API Portal auto-generates the default API key for the application, a shared secret, and the other settings that you defined for the application. An API key is a unique identifier for the application. As a Portal Admin or API Owner, you can define more granular access within a single application by adding API key/secret pairs for each designated consumer, and then deploying those API keys to different proxies. The application must include a default key, and you can change which API key is the default key.
For more information about how to deploy API keys to proxies, see Manage API Key Deployments to Proxies.
Use Cases
The following examples highlight the different use cases for an application with multiple API keys:
Scenario: API Keys for Groups Within a Consumer
You have a shipping application that consumes several APIs to which multiple shipping agents require access. You want to group access to the APIs for multiple territories with designated proxies. Add a shipping application and add separate API keys to that application for each shipping agent. Deploy each API key to the proxy based on the shipping agent’s designated territory.
Scenario: API Keys for Multiple Environments
You have registered proxies for your dev, QA, and prod environments in API Portal. You want to create API keys for these different environments. Add an application and add separate API keys to that application for each environment.
Scenario: API Key Rotation
You have business policies that require you to rotate your API keys periodically as a security measure. As part of business continuity, you can create another API key that works in parallel with the initial key before switching over and disabling the initial key.
Add an API Key
Follow these steps:
  1. Log in to Layer7 API Developer Portal as a Portal Admin or API Owner.
  2. Open the application in read-only mode (the Configuration, APIs, or Deployments tab is displayed).
  3. From the Actions menu, select Edit Keys.
    A list of API keys displays on the Authentication & Keys tab.
  4. Select Add Key.
    Fields display to define the new API key.
  5. Complete the following fields, and then select Save Key:
    • Key Name
      Defines the unique name for the API key. Give your API key an identifiable name that relates to its use. For example, create API keys for different environments, such as paymentApp_devkey for your development payment application.
    • Default Key
      Select this checkbox to assign this API key as the default key for this application.
      Assigning this API key as the default (selecting this checkbox) unassigns the current default key for the application. Applications can have only one assigned default key.
      Default: Cleared
    • Status
      Defines the status of the API key.
      Values: Enabled or Disabled
      Default: Enabled
    • OAuth
      If any of the APIs that you have added to the application use OAuth, complete the following fields:
      • Callback/Redirect URL(s)
        Defines the callback/redirect URLs for your API key. Separate multiple URLs using a comma.
        https://{yourportalurl}/oauth2-redirect.html
        Optional: Yes
      • Scope
        Defines the OAuth scope parameters that specify the privileges that this API key requires from the protected APIs. Separate parameters using a space.
        Optional: Yes
      • Type
        Defines the grant type for the OAuth-protected APIs that the API key consumes.
        Values:
        • None
        • Public: Defines that the OAuth-protected APIs that this application consumes use the Implicit grant type.
        • Confidential: Defines that the OAuth-protected APIs that this application consumes use the Confidential grant type.
        Default: None
      • Client ID & Secret
        API Portal generates the API key (client ID) and shared secret (client secret) when you save this API key.
      • Secret Type
        Defines the format in which API Portal generates the secret for this API key.
        Values: Hashed or Plaintext
        Default: Hashed
        The plaintext format is less secure.
    The Key page appears. The application is successfully created. API Portal generates an API key for the application. The API key and shared secret are displayed in plaintext.
The API key is added to the application.
Disable an API Key
The default API key cannot be disabled. As a workaround, you can disable the application, or set another key as default in order to disable the original key.
Follow these steps:
  1. With the application open in read-only mode (the Configuration, APIs, or Deployments tab is displayed), from the Actions menu, select Edit Keys.
    A list of API keys displays on the Authentication & Keys tab.
  2. Select the name of the API key that you want to disable.
    The details for the API key display.
  3. For Status, select Disabled.
  4. Select Save Key.
The API key is disabled.
Delete an API Key
Deleting an API key deletes it from the application.
If an Org Admin or Developer's web/mobile application uses the APIs that have been added to this application in API Portal by way of this API key, its access to the application in API Portal is lost. Consider disabling the API key instead.
Prerequisites:
  • You have verified that the API key is not deployed to on demand proxies. For more information about how to undeploy an API key from an on demand proxy, see Deploy to Proxies using Portal or Deploy to Proxies using PAPI.
  • The API key that you want to delete is not the default API key for the application.
Follow these steps:
  1. On the Applications page, select the name of the application for which you want to delete an API key.
    The Configuration tab opens.
  2. Select the Authentication & Keys tab.
    A list of API keys displays.
  3. Select the name of the API key that you want to delete.
    The details for the API key display.
  4. Select Delete Key.
  5. When prompted, select Delete Key.
The API key is deleted.
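The rules stated above (one default key per application, a default key that cannot be disabled or deleted, and no deletion while a key is deployed to on demand proxies) determine the order of the steps in the API Key Rotation scenario. The following is an added example, not Layer7 code and not the Portal API: a small in-memory Python model, with hypothetical class and method names, that enforces those rules and walks through a rotation.

```python
# Added illustration: an in-memory model of the key rules on this page.
# All names are hypothetical; this is not the Portal API (PAPI).
from dataclasses import dataclass, field

class KeyRuleError(Exception):
    """An operation would break a rule stated on this page."""

@dataclass
class ApiKey:
    name: str
    enabled: bool = True        # Status default: Enabled
    default: bool = False       # Default Key default: Cleared
    on_demand_proxies: set = field(default_factory=set)

class Application:
    def __init__(self, default_key_name):
        # The default key is auto-generated when the application is added.
        self.keys = {default_key_name: ApiKey(default_key_name, default=True)}

    def add_key(self, name):
        if name in self.keys:
            raise KeyRuleError(f"key name {name!r} is not unique")
        self.keys[name] = ApiKey(name)

    def set_default(self, name):
        target = self.keys[name]            # KeyError for an unknown key
        # Only one default per application: assigning one unassigns the other.
        for key in self.keys.values():
            key.default = key is target

    def disable_key(self, name):
        if self.keys[name].default:
            raise KeyRuleError("the default API key cannot be disabled")
        self.keys[name].enabled = False

    def delete_key(self, name):
        key = self.keys[name]
        if key.default:
            raise KeyRuleError("delete prerequisite: key is not the default")
        if key.on_demand_proxies:
            raise KeyRuleError("delete prerequisite: undeploy from on demand proxies")
        del self.keys[name]

def rotate(app, old, new):
    """Rotation scenario: add a parallel key, switch over, disable the old."""
    app.add_key(new)             # both keys now work in parallel
    if app.keys[old].default:
        app.set_default(new)     # a default key cannot be disabled
    app.disable_key(old)         # the page advises disabling over deleting
```

Calling `rotate(app, "old_key", "new_key")` leaves the old key present but disabled; `delete_key` then succeeds only after its `on_demand_proxies` set is empty.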