Manage API Keys after their Creation

You can modify the properties of an API key at any time after it is created.

Reset a secret key

Use an APIKeysApi object to generate a new secret key for an existing API key. For example, reset the secret key when periodically rotating API keys. Once replaced, the previous secret key will no longer be authenticated by Deep Security Manager.

When you reset the secret key, the returned API key contains the new secret key in the secret_key (Python) or secretKey (JavaScript) property. For Java, you can use the getSecretKey method of the returned ApiKey object.

The APIKeysApi class provides the replace_api_secret_key function (replaceApiSecretKey in JavaScript and Java) that takes the ID of the API key as a parameter. The following example creates a new secret key for an existing API key.

Python
View source
# Reset the key
api_keys_api = api.APIKeysApi(api.ApiClient(configuration))
return api_keys_api.replace_api_secret_key(key_id, api_version)
JavaScript
View source
return new Promise((resolve, reject) => {
  const apiKeysApi = new api.APIKeysApi();
  apiKeysApi
    .replaceApiSecretKey(keyID, apiVersion)
    .then(key => {
      resolve(key.secretKey);
    })
    .catch(error => {
      reject(error);
    });
});
Java
View source
ApiKeysApi apiKeysApi = new ApiKeysApi();
return apiKeysApi.replaceApiSecretKey(key.getID(), apiVersion);

Also see the Generate an API Secret Key in the API Reference.

Control API key access after creation

After you create an API key you still have control over the API key's access to Deep Security Manager:

  • Modify access rights: Modify the role that is associated with the API key or associate the API key with a different role. (See also Control Access Using Roles.)
  • Revoke access: Either lock out the key to temporarily revoke access, or delete the API key to permanently revoke access.

To modify an API key, create an ApiKey object and set values for the properties that you want to change. Then, use the APIKeysApi class to modify the API key on Deep Security Manager.

The following example code changes the role that is associated with an API key.

Python
View source
# Create a key and set the role ID
key = api.ApiKey()
key.role_id = role_id

# Modify the key on Deep Security Manager
api_keys_api = api.APIKeysApi(api.ApiClient(configuration))
api_keys_api.modify_api_key(key_id, key, api_version)

return key.role_id
JavaScript
View source
// Create a key and set the role ID
const key = new api.ApiKey();
key.roleID = roleID;

// Modify the key on Deep Security Manager
const apiKeysApi = new api.APIKeysApi();
apiKeysApi
  .modifyApiKey(keyID, key, apiVersion)
  .then(key => {
    resolve(key.roleID);
  })
  .catch(error => {
    reject(error);
  });
Java
View source
// Create Key object that uses the role
ApiKey keyWithRole = new ApiKey();
keyWithRole.setRoleID(roleID);

// Update the key on Deep Security Manager
ApiKeysApi apiKeysApi = new ApiKeysApi();
return apiKeysApi.modifyApiKey(key.getID(), keyWithRole, apiVersion);

Also see the Modify an API Key, Delete and API Key, and Modify an Administrator Role operations in the API Reference.

To use the Deep Security Manager to modify the API key, go to Administration > User Management > API Keys, select the API key and click Properties.