API keys

You use API keys to enable an inbound machine-to-machine integration for an external client. API keys can be used by the REST APIs and also can be used as part of the Maximo® Integration Framework.

In a machine-to-machine integration, an external machine interacts with Maximo data in the Maximo system without the use of a browser. API keys are a native form of authentication that do not require an external repository for password storage.

As the system administrator, you must create Maximo users for the external clients before you can create API keys for those clients. The permissions that are associated with the API key are determined by the permissions for the associated user. You can create configure API keys on the API Keys subtab on the Integration tab of the Administration Work Center.

To disable access to the Maximo system for an external client, you can delete the associated API key, but the external client might still access the Maximo system by using another configured authentication system. If an API key is compromised, delete the key and create another key for that user.

API keys for REST APIs

When an API key is assigned to the external client, the external client can access and interact data in the Maximo system by using the API key as an apikey query parameter or an apikey request header in REST API calls. REST API calls that use an API key do not create a persistent server connection, and the API key must be part of all REST API requests that the external client makes.

For more information and to use an API key, on the API Keys subtab, from the Action menu, select API documentation. Select Authorize to use your API key.