Managing Keys

From the Settings → Secrets & Keys tab, you can view an organization's agent access key and all associated API keys.

Keep API Keys Secure!

API keys should be kept secure and not shared to prevent unforeseen changes or potential security issues. Never email or write down your API key.

API Keys and Permissions

API keys inherit the permissions of the user they belong to. For example, an API key belonging to a Full Administrator has the same permissions through the API as that user has in the console, so it can perform API functions that require Full Administrator permissions.

An API key belonging to an Organization Operator can use the API to access and view only the organizations where that user is assigned Organization Operator permissions.


Viewing Keys

Select the Settings → Secrets & Keys tab to view the agent access key and the API keys.

Account ID

This is the UUID for the account. (You must have the required permissions to view this ID.)

  • To copy the agent access key, click the Copy button (clipboard) to the right of the field.

Agent Access Key

The agent access key is used to add devices to your Automox account.

  • To copy the agent access key, click the Copy button (clipboard) to the right of the field.

API Key

The API key is used to access the Automox API.

Note: API keys are not automatically generated for new users or new organizations. See Adding API Keys.

  • To view (decrypt) an API key, click the Show button to the right of the hidden characters. The key will automatically hide again after 10 seconds.
  • To copy the API key, click the Copy button (clipboard) to the right of the field. It is automatically decrypted.

Note: When you use API keys, take care to keep them secure. Follow best practices such as these:
  • Do not embed API keys directly in code.
  • Do not store API keys in files inside your application’s source tree.
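
One way to follow these two practices in a script that calls the API, as an added example (not Automox code): the key is read from an environment variable, or from a private file that must sit outside the source tree. The variable name `AUTOMOX_API_KEY`, the function names, and the use of a `.git` directory to mark the source tree are assumptions made for illustration.

```python
import os
import stat
from pathlib import Path

ENV_VAR = "AUTOMOX_API_KEY"  # assumed name; not defined by the Automox documentation


def find_source_root(start: Path):
    """Return the nearest ancestor that holds a .git entry, or None if there is none."""
    for directory in [start, *start.parents]:
        if (directory / ".git").exists():
            return directory
    return None


def load_api_key(env=None, key_file=None, app_dir=None):
    """Return the API key from the environment, else from a private file outside the source tree."""
    env = os.environ if env is None else env
    key = env.get(ENV_VAR, "").strip()
    if key:
        return key
    if key_file is None:
        raise RuntimeError(f"{ENV_VAR} is not set and no key file was given")

    path = Path(key_file).resolve()
    root = find_source_root(Path(app_dir or __file__).resolve())
    # Refuse a key file that could be committed along with the application.
    if root is not None and path.is_relative_to(root):
        raise PermissionError(f"{path} is inside the source tree {root}")
    # Refuse a key file that other local accounts can read or modify.
    if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group or others; restrict it to mode 600")

    key = path.read_text().strip()
    if not key:
        raise RuntimeError(f"{path} is empty")
    return key
```

The error messages name the file path only, so a failed load never writes the key itself to a log.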

Managing API Keys

Your user account role determines what API key management functionality is available to you. The permissions are listed below:

  • All users can manage (create, read, modify, delete, and decrypt) their own API keys.

These roles have permissions related to the API keys of others:

  • Full Administrators can read, modify, delete, and list API keys for users in all organizations.
  • A custom role can be created with permission to read, modify, delete, or list API keys for users in the organization that they have permissions to. (See Roles and Permissions Management.)

(See User Accounts for more information about role-based account controls.)

Full Administrator permissions

  • View all organization API keys in Settings → Secrets & Keys
  • Disable and delete all API keys through the Settings → Secrets & Keys page in the console
  • Disable and delete API keys through the API

All other user roles

  • They can read only the API keys created by their user login on the Settings page of the console.
  • They can disable and delete the API keys that were created by their user login on the Settings page of the console.
  • They can disable and delete the API keys that were created by their user login through the API.

All users

  • Users can only add keys for their own account.

Adding API Keys

You can add up to 10 unique API keys to a user account.

  • From the Settings → Secrets & Keys page, click Add.
  • Enter the unique name of the API key. You will see an error message if you enter a name that already exists.
  • (Optionally) You can select an expiration date for the API key.
  • Click Create.

Disabling API Keys

You can disable API keys that are from your own account.

Note: Only Full Administrators can disable API keys for all users.

  • Select the Settings → Secrets & Keys tab to view the list of API keys.
  • To find the API key that you want to disable, sort by the Name or User column. Show or hide the API key, as needed. If you don’t see the API key you want, select from the next page at the bottom.
  • To disable the API key, turn off the toggle switch under Enabled.

Note: When an API key is disabled, the key is rejected and returns an error. It is possible to re-enable an API key.

Deleting API Keys

You can delete API keys that are from your own account.

Note: Only Full Administrators can delete API keys for all users.

  • Select the Settings → Secrets & Keys tab to view the list of API keys.
  • You can sort by the Name or User column to find the API key that you want to delete. Show or hide the API key, as needed. If you don’t see the API key you want, select from the next page at the bottom.
  • To delete the API key, click Delete in the manage column.

Note: When an API key is deleted, the key is rejected and returns an error.
