Learn how to generate an access key and enable secure
access to the Prisma Cloud API.
Access Keys are a secure way to enable programmatic access
to the Prisma Cloud API, if you are setting up an external integration
or automation. By default, only the System Admin has API access
and can enable API access for other administrators.
enable API access either when you Add Administrative Users On Prisma Cloud, you can modify
the user permissions to enable API access. If you have API access,
you can create up to two access keys per role for most roles; some
roles such the Build and Deploy Security role can generate one access
key only. When you create an access key, the key is tied to the
role with which you logged in and if you delete the role, the access
key is automatically deleted.
Create an access key for a
limited time period and regenerate your API keys periodically to
minimize exposure and follow security best practices. On the
you can view a record of all access key related activities such
as an update to extend its validity, deletion, or a revocation.
If you do not see the option to add a new key, it means
that you do not have the permissions to create access keys.
Enter a descriptive
for the key.
Select the checkbox and specify a
term—date and time for the key validity—that adheres to your corporate
compliance standards. If you do not select key expiry, the key is
set to never expire; if you select it, but do not specify a date,
the key expires in a month. In the event a key is compromised, you
can administratively disable (
If you have multiple roles, you must switch roles to create
an access key for each role. Copy
or download the Access Key ID and the Secret Key as a CSV file.
After you close the window, you cannot view the secret key again,
and must delete the existing key and create a new key.
View the details for your keys.
can verify the expiry date for the key and can update it here, review
when it was last used and the status —Active or Expired.
you have multiple roles, the access key details display only for
the role with which you are logged in.
If you delete
a role, the access keys associated with the role are automatically
deleted, and any integrations that use the access key to make calls
to Prisma Cloud will stop working.