API Keys
Overview
Coralogix custom API Keys offer a robust and flexible way to manage access and permissions within your organization. API keys can be generated as personal or shared keys through Coralogix's adaptable role-based access control (RBAC). With RBAC, you can assign specific permissions or groups of permissions, known as role (API) presets, to each key, ensuring precise control over access and operations.
Use Coralogix API keys to:
Control access: Assign specific permissions to users or teams, ensuring only authorized individuals can access certain features or data.
Enhance security: Regularly rotate keys and revoke them as necessary to prevent unauthorized access and maintain security.
Facilitate integration: Seamlessly integrate Coralogix with other tools and services by using API keys for authentication.
Access API keys
API keys can be accessed through Settings, then Users and Teams. Select API Keys.
Types of API keys
Personal keys
Personal keys are specific to individual Coralogix users. They can be created for personal purposes such as integration testing or experimentation and should not be used for production.
This category includes legacy keys, which are maintained for existing customers.
Send-Your-Data API keys
These shared data ingestion keys ensure secure telemetry data transmission to Coralogix while authenticating the sender's identity. Multiple Send-Your-Data API keys with advanced security systems are supported by our Send-Your-Data Management API.
This key type supports access policies.
Team keys
Shared team keys authenticate API actions for team members for users with programmatic access to Coralogix. Only team members with the roles and permissions contained in a team key may access it. Team key creation and viewing are restricted to members of groups without data scope limitations.
This key type supports access policies.
Access policies for API keys
Both Team keys and Send-Your-Data API keys support policy-based access control. When you add a policy to a key, you add an additional layer of granularity on top of the role-based permissions attached to the key.
Use access policies to:
- Allow all team members with the correct role-based permissions to access the key.
- Restrict access to specific target groups or users.
- Specify exception rules that control actions for chosen groups or users.
Note
Team keys and Send-Your-Data keys are not user-aware. When used to make API requests, user-level scopes and resource-level access policies do not apply to the target resource — the key operates solely with the permissions attached to it. For example, calling getAllDashboards with a Team key returns all dashboards regardless of any access policies defined on individual dashboards.
Create a policy
Follow these steps from the resource's Access policy section.
Step 1. Set general access
General access sets the default access level for everyone in your team. Select an access level from the dropdown — available options differ by resource type.
Step 2. Add target group rules (optional)
Override the default for specific groups:
- In the Add groups to define a rule field, search for and select one or more groups.
- Set the access level for the group using the dropdown.
- To add another rule, select + Add.
- To remove a rule, select the remove icon next to it.
Step 3. Configure policy access (optional)
To control who can view or edit the policy itself, toggle on Show advanced. This reveals a Policy column next to each rule row. Set the policy access level for each row as needed.
Step 4. Save your changes
Select Save to activate the policy. To restore the default policy configuration, select Reset.
The access policy panel is shared across dashboards, datasets, and other entity types. For details on how policies work, see Access Policies.
Permissions
The following permissions are necessary to create and view API keys.
| API Key | Permission | Role Presets |
|---|---|---|
| Personal | personal-custom-api-keys:Manage | APIKeys |
personal-custom-api-keys:ReadConfig | APIKeys | |
| Send-Your-Data | data-ingest-api-keys:Manage | SendData |
data-ingest-api-keys:ReadConfig | SendData | |
data-ingest-api-keys:ReadAccessPolicy | ||
data-ingest-api-keys:UpdateAccessPolicy | ||
| Team | team-custom-api-keys:Manage | APIKeys |
team-custom-api-keys:ReadConfig | APIKeys | |
data-ingest-api-keys:ReadAccessPolicy | ||
data-ingest-api-keys:UpdateAccessPolicy |
Note
PBAC access-policy actions (ReadAccessPolicy, UpdateAccessPolicy) are not included in the default APIKeys preset.
Security
As a security best practice, Coralogix suggests generating multiple keys for your organization, with the option to view and download them once. Employing multiple API keys enables you to regularly rotate keys to enhance security or to revoke a specific key in case of accidental exposure or when discontinuing the associated service.
To activate advanced security settings, navigate to Settings, then API Key Security Settings.
Once the API Key Security Settings have been activated, when generating a new API key, you will have a one-time opportunity to view and copy it on your UI upon its creation. You must download it as a text file to be saved locally.
Note
Only users with
team-api-keys-security-settings:Managepermission can control this attribute. Those with theteam-api-keys-security-settings:ReadConfigpermission may view it.Once these settings are in place, they will apply to new keys generated after this time.
Create an API key
API keys can be accessed through Settings, then Users and Teams. Select API Keys.
- From the API Keys page, select + Key for the key type you want to create.
- Add a recognizable key name.
From the Role Presets dropdown, select the role presets to attach to the key.
Alternatively, or in addition, select Advanced to manually select individual team permissions.
Note
Given the RUM API key's public nature and to ensure users' privacy, the RUM preset is standalone and may not be attached to other roles or role presets.
(Optional) For Team and Send-Your-Data API keys, configure an access policy to control who can view and manage the key.
- Select Create.
- Save your key by copying and downloading it. If API Key Security Settings are activated, you have a one-time opportunity to view and copy it, and are required to download it as a text file to save locally.
- Select Done.
Actions
Once added, your key will appear in Keys with all of your existing keys, along with its name, creator name and type, creation date, and status. You can view, copy, activate, deactivate, and even delete it as necessary.
Migrate legacy keys to custom API Keys
Legacy keys, such as the Alerts, Rules, & Tags API key, the Logs Query API key, and the Team API key, appear under Personal keys in the Keys UI.
Legacy Send-Your-Data API keys appear under Send-Your-Data API keys.
Legacy SCIM keys appear under Team keys.
Select the eye icon next to each legacy key to view its role presets and permissions. You can recreate these keys using this information as more streamlined, customized API keys.
API
HTTP
| API Name | Usage |
|---|---|
| API Keys | The API Keys API lets you programmatically create, retrieve, update, and delete Coralogix API keys. It also allows you to assign permissions and manage access to each key using policy-based access control (PBAC). |
Additional resources
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by emailing [email protected].