API keys

Adding API keys for REST APIs

When an API key is assigned to the external client, the external client can access and interact with data in the Maximo system by using the API key as an apikey query parameter or an apikey request header in REST API calls. REST API calls that use an API key do not create a persistent server connection, and the API key must be part of all REST API requests that the external client makes.

For more information and to use an API key, on the API Keys subtab of the Integration tab of the Administration Work Center, from the Action menu, select API documentation. Select Authorize to use your API key.

Using external systems to create API keys

You can use an external system to create the API key and provide the API key value to the integration framework. Create this type of API key by using the MXPERUSER REST API. For more information refer to the REST API documentation for creating users.

Security access

As the system administrator, you must create Maximo users for the external clients before API keys are created for those clients. The permissions that are associated with the API key are determined by the permissions for the associated user. You can create and configure API keys on the API Keys subtab of the Integration tab of the Administration Work Center.

You also can specify security that enables only the logged-in user to create an API key. To limit the creation of API keys to the logged-in user, go to the System Properties application and filter for the mxe.apikeyforloggedinuser property. In the Global Value field, specify 1 and save the record. Select Live Refresh to apply the value immediately.

To disable access to the Maximo system for an external client, you can delete the associated API key, but the external client might still access the Maximo system by using another configured authentication system. If an API key is compromised, delete the key and create another key for that user.