Generating API keys for authentication

With an API key, you can automatically authenticate to the IBM® Cloud Pak for Data platform or to a specific instance of a service from a script or application. Your API keys are associated with your credentials and are specific to you. With API keys, you can authenticate without entering your username and password.

Your platform API key enables scripts and applications to access everything that you would typically be able to access when you log in to the Cloud Pak for Data web client. An instance API key enables access only to the specific instance from which is it generated.

Before you generate an API key, consider the following factors:
What level of access is required?
As a security best practice, it is recommended that you give the least amount of access necessary to the script or application. For example, if a script needs to interact only with a specific service instance, generate an API key for that service instance.
What type of key can I generate?
Some services do not support instance-level API keys. If you cannot generate an API key that is specific to the service, you must use your platform API key.
Important: Be sure to store your API keys somewhere safe. If you lose an API key, you'll need to create a new key and update any scripts or applications where the key is used.

Platform API key

With a platform API key, you can access everything that you would typically be able to access when you log in to the Cloud Pak for Data web client.

To generate a platform API key:

  1. Log in to the web client.
  2. From the toolbar, click your avatar.
  3. Click Profile and settings.
  4. Click API key > Generate new key.
  5. Click Generate.
  6. Click Copy and save your key somewhere safe. You cannot recover this key if you lose it.

If you lose your API key, repeat the preceding steps to generate a new API key. Your old API key becomes invalid, and any applications or scripts cannot authenticate to the platform until you provide your new API key.

If you believe that your API key is compromised:

  1. Log in to the web client.
  2. From the toolbar, click your avatar.
  3. Click Profile and settings.
  4. Click API key > Revoke current key.
  5. Click Revoke.

Any applications or scripts that use the key won't be able to authenticate to the platform.

Instance API keys

If you have access to a specific instance of a service, you can generate an API key to access only that service instance.

Restriction: This feature might not be available for all services.

To generate an instance API key:

  1. Log in to the web client.
  2. From the navigation menu, select Services > Instances.
  3. Click the name of the instance for which you want to generate an API key.
  4. Click Instance API key > Generate API key.
  5. Click Generate.
  6. Click Copy and save your key somewhere safe. You cannot recover this key if you lose it.

If you lose your API key, repeat the preceding steps to generate a new API key. Your old API key becomes invalid, and any applications or scripts cannot authenticate to the instance until you provide your new API key.

If you believe that your API key is compromised:

  1. Log in to the web client.
  2. From the navigation menu, select Services > Instances.
  3. Click the name of the instance for which you want to revoke your current API key.
  4. Click Instance API key > Revoke API key.
  5. Click Revoke.

Any applications or scripts that use the key won't be able to authenticate to the instance.