API key accounts
API key accounts are designed to enable external scripts or integrations to authenticate to the Orchestration & Automation application through the REST API, with the minimum required permissions. A system-generated token is used to authenticate. API key accounts cannot access the Orchestration & Automation user interface, own incidents or be members of an incident or group. The API key display name is unique for each QRadar platform account.
Apps installed from the Apps tab automatically create their own API key account.
Each API key account contains a server-generated ID and secret and a unique display name, as well as the permissions assigned. It also contains the user who created or last updated the key account and the created or updated time and date, and optionally, a description.
API key accounts ignore two factor authentication. In addition, API key accounts cannot access the Orchestration & Automation user interface. They cannot own or be members of incidents, own or be members of tasks, or be members of a group.
Cases or incidents created by API key accounts are automatically assigned to the default group if an incident owner is not specified during incident creation.
The API key account is created.
To subsequently change the permissions, display name or description, navigate to Administrator Settings > Users > API Keys, select the key that you want to edit, and click Edit. From the editor, change the permissions or display name, as required.
If you need to regenerate the key, click Regenerate API Key Secret. The ID remains the same but a new secret is generated. Any integrations that are using the key account must be updated to match the regenerated key. To delete the key, click Regenerate API Key Secret > Delete API Key.