# API keys

Copy as Markdown[Open in ChatGPT](https://chatgpt.com/?q=Read%20https%3A%2F%2Fcoralogix.com%2Fdocs%2Fuser-guides%2Faccount-management%2Fapi-keys%2Fapi-keys.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)[Open in Claude](https://claude.ai/new?q=Read%20https%3A%2F%2Fcoralogix.com%2Fdocs%2Fuser-guides%2Faccount-management%2Fapi-keys%2Fapi-keys.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)[API reference](https://coralogix.com/docs/docs/api-reference/v5/api-keys-service)[Terraform](https://registry.terraform.io/providers/coralogix/coralogix/latest/docs/resources/api_key)

## Overview[​](#overview "Direct link to Overview")

Coralogix custom **API Keys** offer a robust and flexible way to manage access and permissions within your organization. API keys can be generated as personal or shared keys through Coralogix's adaptable [role-based access control (RBAC)](https://coralogix.com/docs/docs/user-guides/aaa/access-control/permissions/.md). With RBAC, you can assign specific [permissions](https://coralogix.com/docs/docs/user-guides/aaa/access-control/permissions/permissions-list/.md) or groups of permissions, known as **role (API) presets**, to each key, ensuring precise control over access and operations.

Use Coralogix API keys to:

* **Control access**: Assign specific permissions to users or teams, ensuring only authorized individuals can access certain features or data.

* **Enhance security**: Regularly rotate keys and revoke them as necessary to prevent unauthorized access and maintain security.

* **Facilitate integration**: Seamlessly integrate Coralogix with other tools and services by using API keys for authentication.

## Access API keys[​](#access-api-keys "Direct link to Access API keys")

API keys can be accessed through **Settings**, then **Users and Teams**. Select **API Keys**.

## Types of API keys[​](#types-of-api-keys "Direct link to Types of API keys")

### Personal keys[​](#personal-keys "Direct link to Personal keys")

Personal keys are specific to individual Coralogix users. They can be created for personal purposes such as integration testing or experimentation and should not be used for production.

This category includes legacy keys, which are maintained for existing customers.

### Send-Your-Data API keys[​](#send-your-data-api-keys "Direct link to Send-Your-Data API keys")

These shared data ingestion keys ensure secure telemetry data transmission to Coralogix while authenticating the sender's identity. Multiple Send-Your-Data API keys with advanced security systems are supported by our [Send-Your-Data Management API](https://coralogix.com/docs/docs/developer-portal/apis/data-management/send-your-data-management-api/.md).

This key type supports [access policies](#access-policies-for-api-keys).

### Team keys[​](#team-keys "Direct link to Team keys")

Shared team keys authenticate API actions for team members for users with programmatic access to Coralogix. Only team members with the [roles and permissions](https://coralogix.com/docs/docs/user-guides/aaa/access-control/permissions/.md) contained in a team key may access it. Team key creation and viewing are restricted to members of groups without [data scope](https://coralogix.com/docs/docs/user-guides/account-management/user-management/scopes/.md) limitations.

This key type supports [access policies](#access-policies-for-api-keys).

## Access policies for API keys[​](#access-policies-for-api-keys "Direct link to Access policies for API keys")

Both **Team keys** and **Send-Your-Data API keys** support [policy-based access control](https://coralogix.com/docs/docs/user-guides/aaa/access-control/policies/.md). When you add a policy to a key, you add an additional layer of granularity on top of the role-based permissions attached to the key.

Use access policies to:

* Allow all team members with the correct role-based permissions to access the key.
* Restrict access to specific target groups.

Note

Team keys and Send-Your-Data keys are not user-aware. When used to make API requests, user-level [scopes](https://coralogix.com/docs/docs/user-guides/account-management/user-management/scopes/.md) and resource-level access policies do not apply to the target resource — the key operates solely with the permissions attached to it. For example, calling `getAllDashboards` with a Team key returns all dashboards regardless of any access policies defined on individual dashboards.

### Create a policy[​](#create-a-policy "Direct link to Create a policy")

Every API key policy starts with the **Who can access this API key** mode selector:

* **Private** — only you can use and manage the key. This is the default for newly created keys.
* **Public** — anyone in the team with role-based access to API keys can use and manage the key.
* **Advanced** — opens the full policy editor for target group rules and general access.

<!--$?-->

<!--/$-->

For configuration examples (team-only, everyone-except-group, read-only with selected managers, and more), see [Access policies → Configuration examples](https://coralogix.com/docs/docs/user-guides/aaa/access-control/policies/.md#configuration-examples). The access policy panel is shared across dashboards, saved views, and other supported resource types — for the full model including permissions, restricted-group behavior, and FAQs, see [policy-based access control](https://coralogix.com/docs/docs/user-guides/aaa/access-control/policies/.md).

To delegate who can administer the key's access policy, turn on the **Policy permissions** toggle in the **Access Policy** panel. See [Policy permissions](https://coralogix.com/docs/docs/user-guides/aaa/access-control/policies/.md#policy-permissions).

## Permissions[​](#permissions "Direct link to Permissions")

The following permissions are necessary to create and view API keys.

| **API Key**        | **Permission**                            | **Role Presets** |
| ------------------ | ----------------------------------------- | ---------------- |
| **Personal**       | `personal-custom-api-keys:Manage`         | APIKeys          |
|                    | `personal-custom-api-keys:ReadConfig`     | APIKeys          |
| **Send-Your-Data** | `data-ingest-api-keys:Manage`             | `SendData`       |
|                    | `data-ingest-api-keys:ReadConfig`         | `SendData`       |
|                    | `data-ingest-api-keys:ReadAccessPolicy`   |                  |
|                    | `data-ingest-api-keys:UpdateAccessPolicy` |                  |
| **Team**           | `team-custom-api-keys:Manage`             | APIKeys          |
|                    | `team-custom-api-keys:ReadConfig`         | APIKeys          |
|                    | `team-custom-api-keys:ReadAccessPolicy`   |                  |
|                    | `team-custom-api-keys:UpdateAccessPolicy` |                  |

Note

PBAC access-policy actions (`ReadAccessPolicy`, `UpdateAccessPolicy`) are not included in the default `APIKeys` preset.

## Security[​](#security "Direct link to Security")

As a security best practice, Coralogix suggests generating multiple keys for your organization, with the option to view and download them once. Employing multiple API keys enables you to regularly rotate keys to enhance security or to revoke a specific key in case of accidental exposure or when discontinuing the associated service.

To activate advanced security settings, navigate to **Settings**, then **API Key Security Settings**.

Once the API Key Security Settings have been activated, when generating a new API key, you will have a **one-time opportunity** to view and copy it on your UI upon its creation. You must download it as a text file to be saved locally.

Note

* Only users with `team-api-keys-security-settings:Manage` permission can control this attribute. Those with the `team-api-keys-security-settings:ReadConfig` permission may view it.

* Once these settings are in place, they will apply to **new keys** generated after this time.

## Create an API key[​](#create-an-api-key "Direct link to Create an API key")

API keys can be accessed through **Settings**, then **Users and Teams**. Select **API Keys**.

1. From the **API Keys** page, select **+ Key** for the key type you want to create.

2. Add a recognizable key name.

3. From the **Role Presets** dropdown, select the role presets to attach to the key.

   Alternatively, or in addition, select **Advanced** to manually select individual team permissions.

   Note

   Given the RUM API key's public nature and to ensure users' privacy, the RUM preset is standalone and may not be attached to other roles or role presets.

4. (Optional) For Team and Send-Your-Data API keys, configure an [access policy](#access-policies-for-api-keys) to control who can view and manage the key.

5. Select **Create**.

6. Save your key by copying and downloading it. If **API Key Security Settings** are activated, you have a one-time opportunity to view and copy it, and are required to download it as a text file to save locally.

7. Select **Done**.

## Actions[​](#actions "Direct link to Actions")

Once added, your key will appear in Keys with all of your existing keys, along with its name, creator name and type, creation date, and status. You can **view**, **copy**, **activate, deactivate,** and even **delete** it as necessary.

## Migrate legacy keys to custom API keys[​](#migrate-legacy-keys-to-custom-api-keys "Direct link to Migrate legacy keys to custom API keys")

Legacy keys, such as the Alerts, Rules, & Tags API key, the Logs Query API key, and the Team API key, appear under **Personal keys** in the Keys UI.

[![](/docs/assets/images/Screenshot-2024-06-19-at-12.13.25-354c407c8aea0314b3215ccd19a86088.webp)](https://coralogix.com/docs/docs/assets/images/Screenshot-2024-06-19-at-12.13.25-354c407c8aea0314b3215ccd19a86088.webp)

Legacy Send-Your-Data API keys appear under **Send-Your-Data API keys**.<br /><!-- -->Legacy SCIM keys appear under **Team keys**.

Select the eye icon next to each legacy key to view its role presets and permissions. You can recreate these keys using this information as more streamlined, customized API keys.

## API[​](#api "Direct link to API")

### HTTP[​](#http "Direct link to HTTP")

| **API Name**                                                                           | **Usage**                                                                                                                                                                                                            |
| -------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [API Keys](https://coralogix.com/docs/docs/api-reference/v5/api-keys-service/overview) | The API Keys API lets you programmatically create, retrieve, update, and delete Coralogix API keys. It also allows you to assign permissions and manage access to each key using policy-based access control (PBAC). |

## Additional resources[​](#additional-resources "Direct link to Additional resources")

![Basics of Regions and API Keys](https://img.youtube.com/vi/EEKAIxVrDaM/mqdefault.jpg)

Basics of Regions and API Keys
