Managing Global Keys

From the Setup & Configuration > Keys tab, you can view the Account ID, Global Organization ID, and manage Global API keys.

Global API keys differ from organization API keys in scope:

  • Global API keys: Provide access across all organizations in an account. They are managed at the global level and are useful for automation or integrations that need to span multiple organizations.
  • Organization API keys: Provide access only within a single organization. They are managed at the organization level and are useful when access should remain limited to one organization.

Global API keys reduce the need to create and maintain separate organization-level keys when you need cross-organizational access

Prerequisites:
You must meet the following requirements before you can create or manage global API keys:
  • You are a Full Administrator or have a global custom role with Organization: Read and Manage permissions.
  • You have All API Keys: Read, Modify, List, and Delete permissions.

Keep API Keys Secure!

API keys should be kept secure and not shared to prevent unforeseen changes or potential security issues. Never email or write down your API key.

API Keys and Permissions

API keys inherit the same permissions that the user has. For example, an API key belonging to a Full Administrator has the same permissions as in the console, and allows them to perform functions using the API that require Full Administrator permissions.

Viewing Keys

Go to Setup & Configuration → Keys to access the Global Key Management page. The following information is available on this page:

  • Account ID: The UUID for the account. The account name is listed with this ID.
  • Global Organization ID: The UUID required when using global API keys across all organizations in an account.

Both IDs can be copied using the clipboard button.

  • Global API Keys: The Global API Keys table lists all global API keys created for the account. How you view or interact with these keys depends on your permissions. See Global API Key Permissions and Actions for details.

The global API key is used to access the Automox API.

Note: Global API keys are not automatically generated for new users or new organizations. See Adding Global API Keys.

Global API Key Permissions and Actions

Global API keys allow administrators to authenticate and manage resources across multiple organizations in an account. What you can do with these keys depends on your assigned permissions.

  • To view (decrypt) an API key, click the Show button to the right of the hidden characters. The key will automatically hide again after 10 seconds.
  • To copy the API key, click the Copy button (clipboard) to the right of the field. It is automatically decrypted.

Listing Global API Keys

You can list or view global API keys if you have the correct permissions.

  • To list all global API keys, you must have All API Keys: Read permission.
  • To view (decrypt) your own API key, you must have Personal API Key: Manage permission.

Adding Global API Keys

You can create up to 10 global API keys per user account.

  • To add a global API key for yourself, you must have Personal API Key: Manage permission.

Steps to add a global API key:

  1. Select Add.
  2. Enter a unique name for the key.
  3. (Optional) Select an expiration date.
  4. Select Create.

Enabling and Disabling Global API Keys

You can enable or disable (modify) global API keys if you have the correct permissions.

  • To modify global API keys for any listed user, you must have ALL API Keys: Modify permission.
  • To modify global API keys from your account, you must have Personal API Key: Manage permission.

Deleting Global API Keys

You can permanently delete global API keys.

  • To delete global API keys for any listed user, you must have ALL API Keys: Delete permission.
  • To delete your own API keys, you must have Personal API Key: Manage permission.
Note: When an API key is deleted, all API requests using the key are rejected and return an error.

Example Scenarios

This table provides examples of what actions are available in the Global API Keys table based on user role and assigned permissions.

Scenario Permission Decrypt Enable/Disable Delete
User on their own key Personal API Key: Manage Yes Yes Yes
Admin on another user’s key (Modify only) All API Keys: Modify No Yes No
Admin on another user’s key (Delete only) All API Keys: Delete No No Yes
Admin on another user’s key (Modify and Delete) All API Keys: Modify and All API Keys: Delete No Yes Yes
Note: Decrypt is always limited to the key owner. Administrators cannot decrypt another user’s key, even with All API Keys permissions.

Related Topics