Manage the RSA Authentication API Keys (Legacy Clients)
a month ago

The RSA Authentication API is a REST-based programming interface that allows you to develop clients that process multifactor, multistep authentications through RSA Authentication Manager and Cloud Access Service (CAS). The interface definition can be integrated with any programming language.

Clients built using the Authentication API require a key to pass authentication requests to CAS. Every Initialize call from the client must contain this key to securely identify the authentication request. For more information about the Authentication API, see the RSA Authentication API Developer's Guide.

You must be a Super Admin for the Cloud Administration Console to perform these tasks.

Integration with Authentication Manager

If Authentication Manager is configured to use CAS for authenticating users to agent-protected resources, an API key for that purpose is automatically added to CAS and appears in the console. That key counts against the maximum number of keys allowed.

If you delete the RSA Authentication Manager API Key, Authentication Manager (AM) is disconnected from CAS. To reconnect, perform the registration process again in the AM Security Console. For instructions, see Connect RSA Authentication Manager to the Cloud Access Service.

Security Best Practices for Authentication API Keys

Follow these best practice recommendations to ensure that your API keys remain secure.

  • Delete the old API keys and generate new ones every 90 days.

    Note: Do not delete keys that were automatically generated to connect Authentication Manager to CAS. If these keys are accidentally deleted, you must re-establish the connection with AM.

  • Do not embed API keys in the source code.

  • Do not store API keys in files inside a source code repository.

  • Delete the keys from CAS if they are no longer being used.

  • Make sure the keys are encrypted at rest on the client file system.
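
One way a client could enforce the storage recommendations above when it loads its key. This is an added example, not RSA code and not part of the Authentication API. The variable name RSA_AUTH_API_KEY and the function names are hypothetical, and encryption at rest is assumed to come from the operating system or a secret store, which the sketch does not implement.

```python
import os
import stat
from pathlib import Path

ENV_VAR = "RSA_AUTH_API_KEY"  # hypothetical variable name, not defined by RSA


class KeyStorageError(Exception):
    """Raised when the key is stored in a way the best practices rule out."""


def inside_git_repo(path: Path) -> bool:
    """True if any parent directory of path holds a .git entry."""
    return any((parent / ".git").exists() for parent in path.resolve().parents)


def load_api_key(key_file=None, environ=os.environ) -> str:
    """Return the API key from the environment or from a guarded key file."""
    # Prefer a value injected at run time by the deployment's secret store.
    key = environ.get(ENV_VAR, "").strip()
    if key:
        return key
    if key_file is None:
        raise KeyStorageError(f"{ENV_VAR} is unset and no key file was given")
    path = Path(key_file)
    # Refuse key files that live in a working tree, where they could be committed.
    if inside_git_repo(path):
        raise KeyStorageError(f"{path} is inside a source code repository")
    # Refuse key files that other local accounts can read or modify.
    mode = path.stat().st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyStorageError(f"{path} is accessible to group or others; use mode 0600")
    key = path.read_text(encoding="utf-8").strip()
    if not key:
        raise KeyStorageError(f"{path} is empty")
    return key
```

Calling load_api_key() at client start-up makes a misplaced key file fail fast instead of surfacing later as a leaked credential.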

Copy the RSA Authentication API REST URL

The RSA Authentication API uses the Authentication Service Domain in the REST endpoint URLs for CAS, as described in the RSA Authentication API Developer's Guide. You can copy this URL from the Cloud Administration Console.

Procedure 

  1. In the Cloud Administration Console, go to Platform > API Access Management and select the Authentication API Keys tab.

  2. Under RSA Authentication API REST URL, click Copy URL.

  3. Paste the URL in a secure place and deliver it to your web client developers.

Add an RSA Authentication API Key

You can add up to 10 keys for authentication clients to use.

Procedure 

  1. In the Cloud Administration Console, go to Platform > API Access Management and select the Authentication API Keys tab.

  2. Click ADD. The new key is displayed.

  3. (Optional) Enter a description that identifies how the key will be used.

  4. In the Network Zone field, select a network zone from the drop-down menu to restrict API access to specific IP ranges. Network zones help classify IP addresses as trusted or restricted, allowing better traffic management and security. For more information, see Manage Networks.

  5. Add as many keys as necessary (up to 10), then click Save Settings.

  6. To immediately activate these updates, click Publish Changes.

After you finish 

Use a secure method to deliver the keys to your authentication client developers.

Delete an RSA Authentication API Key

If a key becomes compromised and is no longer secure, you can delete it and add a new one. After you delete a key, the client program using that key will no longer be able to authenticate to CAS.

Procedure 

  1. In the Cloud Administration Console, go to Platform > API Access Management and select the Authentication API Keys tab.

  2. Click the minus sign (-) next to the key you want to delete.

  3. Click Save Settings.

  4. To immediately activate these updates, click Publish Changes. If you do not publish now, the deleted key can continue to be used in authentication requests until the changes are published.