Granting access through service IDs and API keys from the IBM SaaS Console
Grant services or applications access to your service instance by using service IDs.
This feature is enabled in the IBM SaaS Console for the following products:
- Concert
- watsonx.data
- watsonx.governance as a Service on AWS
Creating service IDs
Service IDs represent services instead of users. These services are used for API authentication and authorization. Administrators create service IDs, and you can use the service IDs to connect to another application through API authentication and authorization. Because service IDs are not tied to a specific user, if a user leaves an organization and is deleted from the account, the service ID remains. This way, your service stays up and running.
- Log in to the IBM SaaS Console.
- Select the account that is associated with your subscription. The Subscriptions page opens.
- From the Subscriptions page, find the subscription for the instance that you want to add a service ID to. Then, click View subscription details.
- Click the instance where you want to add a service ID. The Instance details tab opens.
- Select the Service IDs tab and click Create service ID. The Create service ID window opens.
- In the window, enter a name and choose a role for your service ID.
- The Service admin role can view, create, update, and delete users, roles, and groups for an instance.
- The Service owner role can take the same actions as the Service admin.
- The Service user role can view the instance, but this role doesn't include permissions that are related to user management like adding more users.
- Click Create. The service ID is created and appears in the table on the Service IDs tab.
Creating API keys
Use API keys to access APIs in a service instance. You can create an API key for the service ID or a user.
- From the IBM SaaS Console Subscriptions page, find the subscription to which you want to add an API key and click View instances.
- In the table on the Instances tab, click the row of the instance where you want to add the API key.
- From the instance, select the API Keys tab and click Generate key. The Generate API key window opens.
- Choose a service ID, enter an API key name, optionally add a description, and select an expiration date.
- Click Generate key. The API key successfully created window opens.
- To copy the API key, click Copy to clipboard. You have a limited amount of time to copy the API key. The API key is unrecoverable. If lost, it must be reset.
- Close the window. The API key appears in the table on the API Keys tab.
- To update the access for an API key, update access for the service ID or user. API keys are associated with a service ID or user and have the same access that they do across all accounts.