Generate API Keys

The StrongDM API allows for programmatic management of users, permissions, and resources within an organization.

API Credentials #

To use the StrongDM API, you need to have an API access and secret key. These keys authorize every request when managing objects with the API, so please keep them safe.

From the Admin UI’s Principals > Tokens section, you can view, add, clone, and delete API keys.

How to add API keys #

1. In the Principals > Tokens section of the Admin UI, click Add API key.
2. On the Create API Key page that displays, enter a name, determine when the credentials expire, and specify the scope of permissions.

   

3. Click Create.
4. Save the set of access and secret keys that are shown.

Clone keys #

Cloning creates a new pair of keys with the same set of permissions as the original set.

Delete keys #

Once deleted, API keys are instantly invalidated, preventing any further API requests from being made.

How to Use Keys #

StrongDM has four language-specific SDKs and a Terraform provider. The following SDKs contain more information on the respective options.

• Python
• Go
• Java
• Ruby
• Terraform

What About the CLI? #

The StrongDM CLI remains a convenient way of managing StrongDM resources with your user credentials. Please see the CLI reference docs for more information about the CLI.

API Keys Created by Suspended Users #

What happens to API keys that are owned by a suspended user? API keys are still usable even if the user who created them is suspended.

When suspending a user, the Admin UI lists the API keys created by that user and asks if they should be deleted. Select No to keep them.

After confirming suspension, you can see in the Principals > Tokens page that the API keys continue to be owned by the suspended user. Because API keys are a public/private pair, new keys need to be created and the old keys need to be deleted when any automation systems use the new keys.