API key accounts
API key accounts are designed to enable external scripts or apps to authenticate to the SOAR Platform through the REST API, with the minimum permissions. A system-generated token is used to authenticate. API key accounts are not linked to LDAP and cannot access the SOAR Platform user interface, own incidents or be members of an incident or group. The API key display name is unique for each organization in the SOAR Platform.
About this task
Apps that are installed using the Apps tab automatically create their own API key account. For apps that are deployed with the Integration Server, manually create an API key account with a set of permissions that are needed for that app to run successfully.
Each API key account contains a server-generated ID and secret, a unique display name, and the assigned permissions. It also records the user who created or last updated the key account, the date and time it was created or updated, and a description, if one was added.
API key accounts ignore two-factor authentication. In addition, API key accounts cannot access the SOAR Platform user interface. They cannot own or be members of incidents, own or be members of tasks, or be members of a group.
Incidents that are created by API key accounts are automatically assigned to the default group if an incident owner is not specified during incident creation.
Procedure
Results
The API key account is created.
To change the permissions, display name, or description, go to Administrator Settings > Users > API Keys, select the key to edit, and click Edit. From the editor, change the permissions or display name, as needed.
If you need to regenerate the key, see Regenerating an API key.
To delete the key, click Regenerate API Key Secret > Delete API Key.
By default, the API key account expires in one year. For on-premises installations, you can modify the expiration date as described in Password and API key expiration.
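How an external script might handle the server-generated ID and secret described above, as an added example that is not part of the original documentation or the product's own code. It assumes the ID and secret are sent as HTTP Basic credentials; the host name, the `/rest/session` path, and the `SOAR_API_KEY_ID` / `SOAR_API_KEY_SECRET` variable names are assumptions, and the credential values are constructed.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


class ApiKey:
    """Holds an API key ID and secret without exposing the secret in logs."""

    def __init__(self, key_id, secret):
        if not key_id or not secret:
            raise ValueError("API key ID and secret are both required")
        self.key_id, self._secret = key_id, secret

    def __repr__(self):
        # Tracebacks and debug logs show the ID only, never the secret.
        return f"ApiKey(key_id={self.key_id!r}, secret=<redacted>)"

    @classmethod
    def from_env(cls, env=os.environ):
        # Assumed variable names; keeps the secret out of source code and argv.
        return cls(env.get("SOAR_API_KEY_ID"), env.get("SOAR_API_KEY_SECRET"))

    def basic_header(self):
        # Assumption: the platform accepts "ID:secret" as HTTP Basic credentials.
        token = base64.b64encode(f"{self.key_id}:{self._secret}".encode()).decode()
        return "Basic " + token


def build_request(base_url, path, key):
    """Build (but do not send) an authenticated GET request."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send the API key secret over a non-HTTPS URL")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the URL")
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    req.add_header("Authorization", key.basic_header())
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    key = ApiKey("constructed-key-id", "constructed-secret")
    req = build_request("https://soar.example.com", "/rest/session", key)
    print(key, req.full_url)
```

Because an API key account ignores two-factor authentication, the ID and secret are the only factor protecting it, which is why the sketch refuses plain HTTP and keeps the secret out of `repr()` output.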