Clients calling the Cloud Administration REST APIs must authenticate themselves by including a JSON Web Token (JWT) in each request. The JWT is signed using an Administration API key. You can add up to 10 keys using the Cloud Administration Console. The keys do not expire. You must manually delete API keys from the Cloud Administration Console when they become compromised or are not in use. You can regenerate a key if it is lost or compromised.
Only a Super Administrator for the Cloud Administration Console can add or delete an API key. The Super Administrator provides the API key file to the endpoint administrator.
If RSA Authentication Manager is configured to use the Cloud Authentication Service for authenticating users to agent-protected resources, a key for that purpose is automatically added to the Cloud Authentication Service and appears in the console. That key counts against the maximum number of keys allowed.
If you delete the RSA Authentication Manager API Key, Authentication Manager will be disconnected from the Cloud Authentication Service. If you want to reconnect, you must perform the registration process again in the Authentication Manager Security Console. For instructions, see Connect RSA Authentication Manager to the Cloud Authentication Service.
Security Best Practices for Administration API Keys
Follow these best practice recommendations to ensure that your API keys remain secure.
Delete the old API keys and generate new ones every 90 days.
Note: Do not delete keys that were automatically generated to connect RSA Authentication Manager to the Cloud Authentication Service. If these keys are accidentally deleted, you must re-establish the connection with Authentication Manager.
Do not embed API keys in the source code.
Do not store API keys in files inside a source code repository.
Delete the keys from the Cloud Authentication Service if they are no longer being used.
Make sure the keys are encrypted at rest on the client file system.
Do not share API keys between different client application integrations. Use distinct API keys for each client application.
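The following is an added example, not part of the RSA documentation, showing how the recommendations above can be turned into a periodic inventory check: it flags keys older than 90 days for rotation, flags unused keys for deletion, exempts the key that was automatically added for RSA Authentication Manager, and reports how many of the 10 slots are free so a replacement key can be added before the old one is deleted. The AdminApiKey record, key names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

MAX_KEYS = 10        # maximum number of Administration API keys per tenant
ROTATION_DAYS = 90   # recommended rotation interval from the best practices


@dataclass
class AdminApiKey:
    """Constructed inventory record; the console itself exposes no such object."""
    name: str
    created: date
    auto_generated: bool = False  # added automatically for Authentication Manager
    in_use: bool = True           # still referenced by some client integration


def key_age_days(key: AdminApiKey, today: date) -> int:
    return (today - key.created).days


def audit_keys(keys, today: date) -> dict:
    """Map each key name to an action: keep-am, delete-unused, rotate or keep."""
    findings = {}
    for key in keys:
        if key.auto_generated:
            # Deleting this key disconnects Authentication Manager; never rotate it here.
            findings[key.name] = "keep-am"
        elif not key.in_use:
            findings[key.name] = "delete-unused"
        elif key_age_days(key, today) > ROTATION_DAYS:
            findings[key.name] = "rotate"
        else:
            findings[key.name] = "keep"
    return findings


def rotation_headroom(keys) -> int:
    """Free slots. Rotation needs at least one: add the new key, switch the
    client over, then delete the old key, since a deleted key stops
    authenticating immediately."""
    return MAX_KEYS - len(keys)


# Constructed sample inventory.
SAMPLE_KEYS = [
    AdminApiKey("am-connector", date(2024, 1, 10), auto_generated=True),
    AdminApiKey("hr-sync", date(2024, 1, 15)),             # 120 days old
    AdminApiKey("ticketing", date(2024, 4, 1)),            # 43 days old
    AdminApiKey("legacy-report", date(2023, 11, 1), in_use=False),
]
TODAY = date(2024, 5, 14)

if __name__ == "__main__":
    print(audit_keys(SAMPLE_KEYS, TODAY), "free slots:", rotation_headroom(SAMPLE_KEYS))
```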
If your API key is compromised, or if you want to change the role for an API key, you must delete the old key and generate a new one. After you delete a key, the client using that key can no longer authenticate to the Cloud Authentication Service.
In the Cloud Administration Console, click Platform > API Key Management and select the Administration API Key tab.
Select next to the API key file that you want to delete.
When prompted, click Delete.
Publish is not required, as changes take effect immediately.