API Key Management

When invoking requests to the BigPanda Public API, an HTTP Authorization header with a specific API key must be included to authorize the request.

Currently, only v2.0 APIs support API Keys. Some APIs may instead leverage the Org Token Authorization token. Both authentication types are sent as bearer tokens, but org tokens are used for an entire organization, while API keys are individual tokens. See each API endpoint to determine which Authentication type is required.

https://files.readme.io/ee86818ff57fa385b1c3e636d7a1d7339d2d4dc1123d1b4ea6112187bd66d572-Settings_APIKeys_Overview.png

API Keys Screen

Relevant Permissions

Roles with the following permission can access API Keys page in BigPanda Settings:

Role Name	Description
API Keys	View, edit, and create API Keys in BigPanda Settings.

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.

Manage API Keys

API keys are managed directly through the BigPanda console and can be edited, activated or deactivated, and deleted by administrators.

You can narrow the list of API keys by entering a search term in the field above the list, filtering the list by the key's status or type, or sorting the list by last update, expiration, or creation date.

Clicking an API key in the list displays the details pane on the right, where you can view details about the key.

To manage API Keys:

In BigPanda, navigate to Settings > API Keys.
In the left pane, select the API key you wish to edit or delete.

Use any of the following options to modify the key:

Option	Description
Edit	Once created, you can edit API keys at any time. a. Click the Pencil icon on the API key ribbon or in the details pane. b. In the Edit key window, you can change the Key name, Expiration date, Associated user, or Description. c. Select Update key to save.
Activate/Deactivate	Deactivating a key prevents it from being used without fully deleting the key. a. In the details pane, click the Active/Inactive toggle to change the status of the key.
Delete	You can delete an API key when you are sure that it is no longer needed for your organization. Once a key is deleted, the action is permanent and not reversible. a. Click the Trash icon on the API key ribbon or in the details pane. b. In the Delete key window, type `DELETE` in the field to authorize the deletion. This field is case-sensitive. c. Select Delete key to complete the deletion.

Option

Description

Edit

Once created, you can edit API keys at any time.

a. Click the Pencil icon on the API key ribbon or in the details pane.

b. In the Edit key window, you can change the Key name, Expiration date, Associated user, or Description.

c. Select Update key to save.

Activate/Deactivate

Deactivating a key prevents it from being used without fully deleting the key.

a. In the details pane, click the Active/Inactive toggle to change the status of the key.

Delete

You can delete an API key when you are sure that it is no longer needed for your organization. Once a key is deleted, the action is permanent and not reversible.

a. Click the Trash icon on the API key ribbon or in the details pane.

b. In the Delete key window, type DELETE in the field to authorize the deletion. This field is case-sensitive.

c. Select Delete key to complete the deletion.

Deleting active keys

If an active key is deleted, it cannot be regenerated. If the key that was deleted is associated with an external system, create a new key and update the key field on all external systems that make calls to BigPanda’s Public API.

Deleted user keys

Keys associated with users that have been deleted will automatically become inactive and no longer work.

Create a New User API Key

A user API key is activated only when explicitly assigned to an active user. The API key inherits all roles and permissions from the associated user. Upon activation, the role of the user making the API request is authenticated and authorized. A single user can be assigned more than one user API Key.

In the API Keys menu, select the New key button.
Select the key type. You can choose either a User Key or a Service Account Key.
Enter a Key Name.
Select a Key expiration date from the drop-down menu. You can choose from 6 months, 12 months, 24 months, or no expiration. Expiration dates can be updated at any time.
Select the Associated user to assign the key to. The dropdown will contain all active users in the system to choose from.
In the Notify before expiration field, select a user to notify when the key is near the expiration date.
Optionally, enter a short description (limit 1000 characters) to identify this key.
Select Create Key.
The generated key will be presented to you at this time. Be sure to copy and save it now as this will be the only time it will be available to you.

See the Authentication and Headers page in our API Reference to learn more.

Copy and save API keys

Once the Create Key button is selected after filling out the fields in the menu, the generated key will only be exposed and shared in its full form once in the following pop-up. It is important to copy and safely store this key. BigPanda does not store a copy of the key for future reference.

API key expiration

When an API key is close to expiring, an email notification will be sent to the user selected for notification, and the user associated with the API key.

API key expiration dates can be extended at any time. To extend the expiration, click the Edit button on a key. If the API key is already expired and you need to re-activate it, follow the instructions to Extend the Expiration Date of an Expired Key.

Usage monitoring

The frequency of key usage can be monitored easily - a call to the Public API will update the Last Used timestamp in the details section of the respective API Key used during the call.

Activate and Deactivate a Key

To deactivate an existing key without deleting it:

Navigate to the desired key and select it.
In the details pane to the right, click the Active toggle.
(Optional) Click the Active toggle at any time to reactivate the key

Deleting active keys

Extend the Expiration Date of an Expired Key

Once a key's expiration date has been reached, it is automatically deactivated and appears in the list of keys as Expired. You can reactivate and extend the expiration date of an expired API key.

To extend the expiration date of an expired key:

Navigate to the expired key and select it.
In the details pane to the right, change the Inactive toggle to Active.
In the details pane, click the Edit icon.
In the Edit key window, select the Key expiration drop-down menu and choose a new date.
Click Update key.

Delete a Key

To delete and deactivate an existing key:

Select or search for the desired key in the API Keys list.
Select the Delete (trash can) icon.
Type DELETE in the field to confirm and authorize the deletion. The field is case-sensitive.

Key deletion

Once a key is deleted, the action is permanent and not reversible.

Keys associated with users that have been deleted will automatically become inactive and no longer work.

https://files.readme.io/99fc763-DeleteAPIKey.png

Delete an API Key

Next Steps

Find your way around the BigPanda Settings screen

Read through the Introduction to BigPanda APIs

Learn about User Management in BigPanda

In this section: