## Overview

Coralogix custom **API Keys** offer a robust and flexible way to manage access and permissions within your organization. API keys can be generated as personal or shared keys through Coralogix's adaptable [role-based access control (RBAC)](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/index.md). With RBAC, you can assign specific [permissions](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/permissions-list/index.md) or groups of permissions, known as **role (API) presets**, to each key, ensuring precise control over access and operations.

Use Coralogix API keys to:

- **Control access**: Assign specific permissions to users or teams, ensuring only authorized individuals can access certain features or data.
- **Enhance security**: Regularly rotate keys and revoke them as necessary to prevent unauthorized access and maintain security.
- **Facilitate integration**: Seamlessly integrate Coralogix with other tools and services by using API keys for authentication.

## Access API keys

API keys can be accessed through **Settings**, then **Users and Teams**. Select **API Keys**.

## Types of API keys

### Personal keys

Personal keys are specific to individual Coralogix users. They can be created for personal purposes such as integration testing or experimentation and should not be used for production.

This category includes legacy keys, which are maintained for existing customers.

### Send-Your-Data API keys

These shared data ingestion keys ensure secure telemetry data transmission to Coralogix while authenticating the sender's identity. Multiple Send-Your-Data API keys with advanced security systems are supported by our [Send-Your-Data Management API](https://coralogix.com/docs/developer-portal/apis/data-management/send-your-data-management-api/index.md).

This key type supports [access policies](#access-policies-for-api-keys).

### Team keys

Shared team keys authenticate API actions for team members for users with programmatic access to Coralogix. Only team members with the [roles and permissions](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/index.md) contained in a team key may access it. Team key creation and viewing are restricted to members of groups without [data scope](https://coralogix.com/docs/user-guides/account-management/user-management/scopes/index.md) limitations.

This key type supports [access policies](#access-policies-for-api-keys).

## Access policies for API keys

Both **Team keys** and **Send-Your-Data API keys** support [policy-based access control](https://coralogix.com/docs/user-guides/aaa/access-control/policies/index.md). When you add a policy to a key, you add an additional layer of granularity on top of the role-based permissions attached to the key.

Use access policies to:

- Allow all team members with the correct role-based permissions to access the key.
- Restrict access to specific target groups.

Note

Team keys and Send-Your-Data keys are not user-aware. When used to make API requests, user-level [scopes](https://coralogix.com/docs/user-guides/account-management/user-management/scopes/index.md) and resource-level access policies do not apply to the target resource — the key operates solely with the permissions attached to it. For example, calling `getAllDashboards` with a Team key returns all dashboards regardless of any access policies defined on individual dashboards.

### Create a policy

Follow these steps from the resource settings panel.

### Step 1. Open the resource settings

Navigate to the resource (for example, a Custom Dashboard). Open its settings from the settings icon or more actions menu, then scroll to the **Access Policy** section.

### Step 2. Select an access mode

Use the **Who can access this `<resource>`** dropdown to pick a mode:

- **Private** — only you can view and edit the resource. No further configuration is needed; save your changes and you're done.
- **Advanced** — opens the full policy editor for target group rules, general access, and policy permissions. Continue with the steps that follow.

### Step 3. Apply to target groups (optional)

In the **Apply to target groups** section, define per-group access:

1. Search for and select a group in the group field.
1. Select an access level from the action dropdown. Available options differ by resource type — for example, **Read**, **No Access**, or **Manage** for saved views.
1. Select **Apply** to commit the rule.
1. Repeat to add more rules. To remove a rule, select the remove icon next to it.

### Step 4. Set general access

In **General access**, select the default access level for everyone on your team who isn't covered by a target group rule. Available options differ by resource type.

### Step 5. Configure policy permissions (optional)

To control who can view or edit the policy configuration itself, toggle on **Policy permissions**. This reveals a **Policy** column next to each rule, including the general access row. Set the policy access level for each row as needed.

### Step 6. Save your changes

Select **Save** to activate the policy. To restore the default configuration, select **Reset**.

The access policy panel is shared across dashboards, datasets, and other entity types. For details on how policies work, see [Access Policies](https://coralogix.com/docs/user-guides/aaa/access-control/policies/index.md).

## Permissions

The following permissions are necessary to create and view API keys.

| **API Key**        | **Permission**                            | **Role Presets** |
| ------------------ | ----------------------------------------- | ---------------- |
| **Personal**       | `personal-custom-api-keys:Manage`         | APIKeys          |
|                    | `personal-custom-api-keys:ReadConfig`     | APIKeys          |
| **Send-Your-Data** | `data-ingest-api-keys:Manage`             | `SendData`       |
|                    | `data-ingest-api-keys:ReadConfig`         | `SendData`       |
|                    | `data-ingest-api-keys:ReadAccessPolicy`   |                  |
|                    | `data-ingest-api-keys:UpdateAccessPolicy` |                  |
| **Team**           | `team-custom-api-keys:Manage`             | APIKeys          |
|                    | `team-custom-api-keys:ReadConfig`         | APIKeys          |
|                    | `data-ingest-api-keys:ReadAccessPolicy`   |                  |
|                    | `data-ingest-api-keys:UpdateAccessPolicy` |                  |

Note

PBAC access-policy actions (`ReadAccessPolicy`, `UpdateAccessPolicy`) are not included in the default `APIKeys` preset.

## Security

As a security best practice, Coralogix suggests generating multiple keys for your organization, with the option to view and download them once. Employing multiple API keys enables you to regularly rotate keys to enhance security or to revoke a specific key in case of accidental exposure or when discontinuing the associated service.

To activate advanced security settings, navigate to **Settings**, then **API Key Security Settings**.

Once the API Key Security Settings have been activated, when generating a new API key, you will have a **one-time opportunity** to view and copy it on your UI upon its creation. You must download it as a text file to be saved locally.

Note

- Only users with `team-api-keys-security-settings:Manage` permission can control this attribute. Those with the `team-api-keys-security-settings:ReadConfig` permission may view it.
- Once these settings are in place, they will apply to **new keys** generated after this time.

## Create an API key

API keys can be accessed through **Settings**, then **Users and Teams**. Select **API Keys**.

1. From the **API Keys** page, select **+ Key** for the key type you want to create.

1. Add a recognizable key name.

1. From the **Role Presets** dropdown, select the role presets to attach to the key.

   Alternatively, or in addition, select **Advanced** to manually select individual team permissions.

   Note

   Given the RUM API key's public nature and to ensure users' privacy, the RUM preset is standalone and may not be attached to other roles or role presets.

1. (Optional) For Team and Send-Your-Data API keys, configure an [access policy](#access-policies-for-api-keys) to control who can view and manage the key.

1. Select **Create**.

1. Save your key by copying and downloading it. If **API Key Security Settings** are activated, you have a one-time opportunity to view and copy it, and are required to download it as a text file to save locally.

1. Select **Done**.

## Actions

Once added, your key will appear in Keys with all of your existing keys, along with its name, creator name and type, creation date, and status. You can **view**, **copy**, **activate, deactivate,** and even **delete** it as necessary.

## Migrate legacy keys to custom API keys

Legacy keys, such as the Alerts, Rules, & Tags API key, the Logs Query API key, and the Team API key, appear under **Personal keys** in the Keys UI.

Legacy Send-Your-Data API keys appear under **Send-Your-Data API keys**.\
Legacy SCIM keys appear under **Team keys**.

Select the eye icon next to each legacy key to view its role presets and permissions. You can recreate these keys using this information as more streamlined, customized API keys.

## API

### HTTP

| **API Name**                                                                      | **Usage**                                                                                                                                                                                                            |
| --------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [API Keys](https://docs.coralogix.com/api-reference/v5/api-keys-service/overview) | The API Keys API lets you programmatically create, retrieve, update, and delete Coralogix API keys. It also allows you to assign permissions and manage access to each key using policy-based access control (PBAC). |

## API

### HTTP

| **API Name**                                                                          | **Usage**                                                                                                                                                                                                            |
| ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [API Keys](https://docs.coralogix.com/api-reference/latest/api-keys-service/overview) | The API Keys API lets you programmatically create, retrieve, update, and delete Coralogix API keys. It also allows you to assign permissions and manage access to each key using policy-based access control (PBAC). |

## Additional resources

Basics of Regions and API Keys

## Support

**Need help?**

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us **via our in-app chat** or by emailing [support@coralogix.com](mailto:support@coralogix.com).