Managing API keys

API keys provide a secure way to authenticate in requests made using the Helix ALM REST API. Instead of authenticating and storing a username and password, you use a key, which consists of a key ID and a key secret.

To use a key for authentication, you create a key for the user you want to use to authenticate with and then use the generated key ID and key secret in the Authentication header in the REST API. See Authorization in the REST API help.

API keys are shared globally across all Helix ALM projects. Any changes you make to them affect all projects.

You can also manage API keys in the Helix ALM License Server Admin Utility. See the license server help.

To manage API keys, the Allow Login Via SOAP command must be enabled for your security group or you must have one of the following security permissions on the license server: 'User can administer all license server functions' or 'User can only manage global users'.

1. Choose Tools > Manage API Keys.

The Manage API Keys dialog box opens.

You can also manage API keys for a specific user when you are editing or viewing their user record. See Editing users and customers.

2. Select a key Owner to filter the list to only show keys for a specific user. The list includes all global users in the project. You can also search for an owner or key.

If the Owner field is not available, you can only manage your own API keys. This field is not available if you do not have the required permissions on the Helix ALM License Server or if you opened the Manage API Keys dialog box when editing or viewing a specific user.

3. Click Add to add a new key. See Adding API keys.

4. Select a key and click Edit to edit the key name and description. See Editing and deleting API keys.

5. Select a key and click Delete to delete it.

6. Click Close when you finish.