API Key Management

Create and manage keys to securely authenticate calls to the BigPanda Public API.

Prerequisites

Relevant Permissions

Roles with the following permissions can access API Keys in the BigPanda Settings:

Apikeys_Read

Read-only - view existing API Keys.

Apikeys_Full_Access

Full access - view existing API keys and name, assign and describe new API keys.

To learn more about how BigPanda's permissions work, see the RBAC - Role Based Access Control guide.

How It Works

When invoking requests to the BigPanda Public API, in order to be authorized, an HTTP Authorization header must be included with a specific API Key. The frequency of key usage can be monitored easily - a call to the Public API will update the Last Used timestamp in the details section of the respective API Key used during the call.
Currently, only v2.0 APIs are supported.

Managing API Keys

API keys are managed directly through the BigPanda console and can be generated, deactivated, and deleted by administrators.

  1. Click on Settings (gearbox icon) and select API Keys from the dropdown.
  2. Existing API Keys will be listed in the left pane, along with a Search bar. In this section you can Create a New API Key as well as Edit or Delete existing keys.
  3. Click on any API Key in the list to see the details of the key, displayed in the pane to the right. In this section you can edit, activate or deactivate the key.

Creating a New Key

An API Key is activated only when it is assigned explicitly to an active user. Upon activation, the role of the user making the API request is authenticated and authorized. A single user can be assigned more than one API Key.

  1. In the API Keys menu, select the New Key button.
  2. Enter a Key Name.
  3. Select the Associated User to assign the key to. The dropdown will contain all active users in the system to choose from.
  4. Optionally, enter a short description to identify this key by.
  5. Select Create Key.
  6. The generated key will be presented to you at this time. Be sure to copy and save it now as this will be the only time it will be available to you.

    See the Authentication and Headers page in our API Reference to learn more.

Copying and Saving API Keys

Once the Create Key button is selected after filling out the fields in the menu, the generated key will only be exposed and shared in its full form ONCE in the following pop-up. It is important to copy and safely store this key.

The hash value of the key is kept and is not reversible. BigPanda does not persist the key.

Deleting a Key

To delete and deactivate an existing key:

  1. Select or search for the desired key in the API Keys list.
  2. Select the Delete (trashcan) icon.
  3. Type DELETE in the field to confirm and authorize the deletion. The field is case sensitive.
    Once a key is deleted, the action is permanent and not reversible.
    Keys associated with users that have been deleted will automatically become inactive and no longer work.

Activating And Deactivating A Key

To deactivate an existing key without deleting it:

  1. Select or search for the desired key in the API Keys list.
  2. Toggle the Active switch to select its mode.

Regenerating A Key

To regenerate a key:

  1. Create a new key.
  2. Update the key field on all external systems that make calls to BigPanda's Public API.
  3. Deactivate the old key.
  4. Perform test calls to BigPanda with associated systems to validate the new key.
  5. Delete the old key.

Updated 6 months ago


Recommended Reading

API Reference

API Key Management


Create and manage keys to securely authenticate calls to the BigPanda Public API.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.