Early Access: The content on this website is provided for informational purposes only in connection with pre-General Availability Qlik Products.
All content is subject to change and is provided without warranty.
Skip to main content Skip to complementary content

Managing API keys

API keys are unique identifiers used for authentication, allowing users, developers, or programs to access APIs securely. They are essential for tracking and controlling API usage, helping to prevent abuse and ensure secure communication.

Using API keys to connect to Qlik Cloud APIs

You can use API keys to interact with the REST API reference on qlik.dev. Tools such as Postman or qlik-cli can be used for API access. For more information, see Overview of Qlik APIs and qlik-cli.

Example: Using Postman to connect to Qlik APIs

Do the following:

  1. Start Postman.

  2. Set the HTTP method to GET.

  3. Enter the URL for the Qlik Cloud API endpoint.

    For example, to list all spaces in the tenant:

    https://your-tenant.eu.qlikcloud.com/api/v1/spaces

  4. On the Auth tab, choose Bearer Token as the Auth Type.

  5. Enter your API key in the Tokenfield.

  6. Click Send.

If the request is successful, the API will return a JSON response. In this example, the response would include a list of spaces.

Enabling API keys in the tenant

By default, API key generation is disabled. Tenant administrators must enable API keys in the tenant to allow users to generate them.

Do the following:

  1. In the Administration activity center, go to Settings.
  2. Under API keys, select Enable API keys.
  3. Adjust the following settings as needed:

    • Change maximum token expiration: Modify the expiration for newly generated tokens. Existing API keys will retain their original expiration value. There is no maximum limit for this value.

    • Change maximum of active API keys per user: This limit applies only to new API keys. If the limit is reached, the creation of additional API keys will be denied. The maximum value you can set is 1000.
    Information noteYou may need to refresh your browser to see the changes reflected in the API keys section on your user profile page.
  4. To start generating API keys, click Generate new. You will be redirected to the API keys section of your user profile.

Generating and managing API keys

Generating API keys

To generate new API keys, you must have the Developer role. Tenant admins can assign this role to users.

Do the following:

  1. Click your user profile icon and select Profile settings.

  2. Go to the API keys section and click Generate new key.

  3. Provide a description and set an expiration time for the API key.

  4. Click Generate to create the key.

  5. Copy the generated API key and store it securely. Note that the key cannot be retrieved later.

Editing API keys

You can change the name of an API key after creation.

Deleting API keys

Information noteDeleting API keys is permanent and cannot be undone. Ensure that this action won't disrupt any ongoing processes or integrations relying on the key.

Do the following:

  1. Click your user profile icon and select Profile settings.

  2. Go to the API keys section.

  3. Click More next to the API key you want to delete and select Delete.

  4. To remove all keys, click Delete all above the list of keys.

Monitoring and revoking API keys

You can view all API keys associated with your tenant in the API keys section of the Administration activity center. You can search for keys by name, ID, or owner.

API key statuses

API keys can have the following statuses:

  • Active: The API key is currently in use.
  • Expired: The expiry date has been reached.
  • Revoked: The API key has been revoked and can no longer be used.

Revoking API keys

As a tenant administrator, actively monitoring API key activities is essential for maintaining security. If suspicious activities are detected, you can revoke the API key.

Information noteRevoking an API key immediately deactivates it, affecting any ongoing processes or integrations relying on it. Revocation is irreversible; a revoked API key cannot be re-activated.

Do the following:

  1. In the Administration activity center, go to Events.

  2. Look for any suspicious activities, such as excessive usage of a particular API key.

  3. Click Arrow down next to the event to expand its details and copy the API key ID.

  4. Go to the API keys section and search for the API key using its ID.

  5. Click More next to the key and select Revoke. You can only revoke keys with status Active.

  6. To revoke multiple API keys, select them in the table and click Revoke in the upper-right corner.

Best practices for API key management

  • Keep keys confidential: Store API keys securely and avoid exposing them in public code repositories.

  • Regenerate regularly: Periodically regenerate your API keys to enhance security.

  • Monitor usage: Regularly check API key activities to identify any suspicious behavior.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!