Application access keys
To use the Device Management service APIs to access devices, you must choose the type of key for application access. One type of key you can use is the application access key. This is an access key you create and deploy to the application.
Note: API keys are deprecated as of August 2020. Create an access key instead. Your existing API keys are still valid.
The access key is associated with a group to which your application belongs and the team you associate the key with.
-
The initial access rights come from the group your application belongs to.
To upgrade the access rights, add the access key's application to the Administrators group. You can only do this if you are an administrator, yourself.
Tip: If you want developers to be able to use the APIs to create new access keys, you need to provide them an access key in an application with administrator access rights.
-
The key is associated with the team you used to create the access key and the chosen application.
"Your team" means the team you used to create the access key. You were logged in to Device Management Portal with this team, or created the new key (with the APIs) with administrator rights.
You cannot change the application association of an access key. Applications are always associated with a team.
Note: Anyone with your access key can access your account. To stop unauthorized use of the key, deactivate or delete the key.
Creating an access key
Before creating an access key, there must be at least one application already in the account. For information about creating an application, please see Application access management.
Note: You can create up two access keys per application.
In Portal: Creating an access key
-
Go to Access Management > Access keys.
-
Click New Access key.
The Create Access key pop-up opens.
-
Give the access key an easily recognizable name. The name must be unique.
-
Choose the application the new access key will be associated with.
-
Give a description for the new access key.
-
Click Create Access key.
The access key is displayed as plain text with a Copy to Clipboard button.
Note: You won't see the full access key with its secret part again. Please copy it to a safe location.
Using the API: Creating an access key
Use the /v3/applications/{application_id}/access-keys
endpoint to create an access key.
You can only perform this action if you authenticate it with an administrator's access key. You must already have at least one key with administrator rights before you can use the APIs to create any other keys.
Viewing and editing an access key
In Portal: Viewing and editing an access key
To view and edit access key details:
-
Go to Access Management > Access keys.
-
Click the key name.
The Access key pane opens. You can only edit one key at a time.
-
Click the Edit button.
The Edit Access key pop-up opens. The available actions are:
- Rename.
- Deactivate or reactivate.
Note: Access keys can have an expiration date. When an access key has expired, you can't use it anymore. To reactivate the key, update the expiration to a future date. Alternatively, delete the access key, and create a new one.
The Access key pane has two tabs that do not offer actions:
- Summary: Basic key information, including the API host URL this access key can authenticate with, expiration date and the first eight characters of the public portion of the key.
- Attributes: Full key information as returned by the API, including the public portion of the key.
Using the API: Viewing and editing an access key
Use the Account Management API to manage existing keys. You must send the request with an administrator's access key.
Deactivating, reactivating and deleting an access key
You may want to delete an access key in these conditions:
- Depending on your account type, you may have a limited number of access keys. If you've reached your limit, you must delete an existing key to create a new one.
- If you think your access key was exposed to a third party or any other unauthorized persons.
- For any other security reason. For example, if you no longer use and maintain the application that relied on a specific key, it's good practice to remove the key as the unmaintained application may have a security vulnerability.
Note: Keys are automatically deleted if their corresponding application is deleted.
In Portal: Deactivating, reactivating and deleting an access key
To temporarily deactivate or delete an access key:
- Deactivating an access key is one of the options available when editing an access key. Use this option if you are still not sure whether you want to delete the key and want to suspend its access while you investigate.
- You can reactivate the key if you are sure it’s safe.
- You can delete each access key separately, or multiple keys as a bulk action from the keys list. You cannot undo the delete operation. If you're not sure about the deletion, consider temporarily deactivating the key.
Using the API: Deactivating, reactivating and deleting an access key
Use the Account Management API to manage existing keys. You must send the request with an administrator's access key.
Using access keys in Secure Device Access (SDA)
To use the keys in a Secure Device Access application, or associate the keys with groups, see Secure Device Access.