Managing API keys

API keys provide a secure way to authenticate in requests made using the Helix ALM REST API. Instead of authenticating and storing a username and password, you use a key, which consists of a key ID and a key secret.

To use a key for authentication, you create a key for the user you want to use to authenticate with and then use the generated key ID and key secret in the Authentication header in the REST API. See Authorization in the REST API help.

API keys are shared globally across all Helix ALM projects. Any changes you make to them affect all projects.

You can also manage API keys in the Helix ALM License Server Admin Utility. See the license server help.

To manage API keys, the Allow Login Via SOAP command must be enabled for your security group or you must have one of the following security permissions on the license server: 'User can administer all license server functions' or 'User can only manage global users'.

1.Click your username at the top of the page and choose Manage API Keys.

The Manage API Keys dialog box opens.

You can also manage API keys for a specific user when you are editing or viewing their user record. See Editing users and customers.

2. Select a key Owner to filter the list to only show keys for a specific user. The list includes all global users in the project. You can also search for an owner or key.

If the Owner field is not available, you can only manage your own API keys. This field is not available if you do not have the required permissions on the Helix ALM License Server or if you opened the Manage API Keys dialog box when editing or viewing a specific user.

3. Click Add to add a new key. See Adding API keys.

4. To edit the key name or description, select a key, click the gear icon next to it, and choose Edit. See Editing and deleting API keys.

5. To delete a key, select it, click the gear icon next to it, and choose Delete.

6. Click Close when you finish.