Generating API keys for authentication

Edit online

With an API key, you can automatically authenticate to the IBM® watsonx.data platform from a script or application. Your API keys are associated with your credentials and are specific to you. With API keys, you can authenticate without entering your password.

watsonx.data on Red Hat® OpenShift®

You can generate:
  • A platform API key
  • An instance API key

Your platform API key enables scripts and applications to access everything that you would typically be able to access when you log in to the watsonx.data web client. An instance API key enables access only to the specific instance from which is it generated.

Before you generate an API key, consider the following factors:

What level of access is required?

As a security best practice, it is recommended that you give the least amount of access necessary to the script or application. For example, if a script needs to interact only with a specific service instance, generate an API key for that service instance.

What type of key can you generate?
Some services do not support instance-level API keys. If you cannot generate an API key that is specific to the service, you must use your platform API key.
Important:

Be sure to store your API keys somewhere safe. If you lose an API key, you need to create a new key and update any scripts or applications where the key is used.

Platform API key

With a platform API key, you can access everything that you would typically be able to access when you log in to the watsonx.data web client.

To generate a platform API key, complete the following steps.

  1. Log in to the web client.
  2. From the toolbar, click your avatar.
  3. Click Profile and settings.
  4. Click API key > Generate new key.
  5. Click Generate.
  6. Click Copy and save your key. You cannot recover this key if you lose it.

If you lose your API key, repeat the preceding steps to generate a new API key. Your old API key becomes invalid, and any applications or scripts cannot authenticate to the platform until you provide your new API key.

If you believe that your API key is compromised, complete the following steps.

  1. Log in to the web client.
  2. From the toolbar, click your avatar.
  3. Click Profile and settings.
  4. Click API key > Revoke current key.
  5. Click Revoke.

Any applications or scripts that use the key cannot authenticate to the platform.

Instance API keys

If you have access to a specific instance of a service, you can generate an API key to access only that service instance.

To generate an instance API key, complete the following steps.

  1. Log in to the web client.
  2. From the navigation menu, select Services > Instances.
  3. Click the name of the instance for which you want to generate an API key.
  4. Click Instance API key > Generate API key.
  5. Click Generate.
  6. Click Copy and save your key. You cannot recover this key if you lose it.

If you lose your API key, repeat the preceding steps to generate a new API key. Your old API key becomes invalid, and any applications or scripts cannot authenticate to the instance until you provide your new API key.

If you believe that your API key is compromised, complete the following steps.

  1. Log in to the web client.
  2. From the navigation menu, select Services > Instances.
  3. Click the name of the instance for which you want to revoke your current API key.
  4. Click Instance API key > Revoke API key.
  5. Click Revoke.

Any applications or scripts that use the key cannot authenticate to the platform.