Learn how to generate an access key and enable secure
access to the Prisma Cloud API.
Access Keys are a secure way to enable programmatic
access to the Prisma Cloud API, if you are setting up an external
integration or automation. By default, only the System Admin has
API access and can enable API access for other administrators.
You can enable API access either when you Add Administrative Users On Prisma Cloud, or you can modify
the user permissions to enable API access. If you have API access,
you can create up to two access keys per role for most roles; some
roles, such as the Build and Deploy Security role, can generate one access
key only. When you create an access key, the key is tied to the
role with which you logged in.
Create an access key for a
limited time period and regenerate your API keys periodically to
minimize exposure and follow security best practices. On
Settings > Audit Logs,
you can view a record of all access key related activities such
as an update to extend its validity, deletion, or a revocation.
If you do not see the option to add a new key, it means
that you do not have the permissions to create access keys.
Enter a descriptive Name for the key.
Set the Key Expiry term.
Select the checkbox and specify a
term (date and time for the key validity) that adheres to your corporate
compliance standards. If you do not select key expiry, the key is
set to never expire; if you select it, but do not specify a date,
the key expires in a month. In the event a key is compromised, you
can administratively disable (Make Inactive) the key.
Create the key.
If you have multiple roles, you must switch roles to create
an access key for each role.
Copy or download the Access Key ID and the Secret Key as a CSV file.
After you close the window, you cannot view the secret key again,
and must delete the existing key and create a new key.
View the details for your keys.
You can verify the expiry date for the key and can update it here, and review
when it was last used and its status (Active or Expired).
If you have multiple roles, the access key details display only for
the role with which you are logged in.
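
The key details described above (expiry date, last used, status) lend themselves to a scripted periodic review. The following is an added example, not Prisma Cloud code or an export format it defines: the record fields, the threshold values, and the sample inventory are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are hypothetical, not a Prisma Cloud format.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"name": "ci-scanner", "role": "Build and Deploy Security", "expires": None,
     "last_used": "2024-05-30T10:00:00+00:00", "status": "Active"},
    {"name": "siem-export", "role": "System Admin", "expires": "2024-06-10T00:00:00+00:00",
     "last_used": "2024-05-31T08:00:00+00:00", "status": "Active"},
    {"name": "old-script", "role": "System Admin", "expires": "2025-01-01T00:00:00+00:00",
     "last_used": "2023-11-01T00:00:00+00:00", "status": "Active"},
    {"name": "retired", "role": "System Admin", "expires": "2024-01-01T00:00:00+00:00",
     "last_used": None, "status": "Expired"},
]

def audit_keys(keys, now, max_lifetime_days=90, warn_days=14, stale_days=90):
    """Return {key name: [findings]} for active keys that need attention."""
    findings = {}
    for key in keys:
        if key["status"] != "Active":
            continue  # only active keys are reviewed
        issues = []
        if key["expires"] is None:
            # Key Expiry was not selected, so the key is set to never expire.
            issues.append("never expires")
        else:
            remaining = datetime.fromisoformat(key["expires"]) - now
            if remaining <= timedelta(days=warn_days):
                issues.append("expires soon, rotate")
            elif remaining > timedelta(days=max_lifetime_days):
                issues.append("validity exceeds policy")
        if key["last_used"] is None:
            issues.append("never used")
        elif now - datetime.fromisoformat(key["last_used"]) > timedelta(days=stale_days):
            issues.append("unused, consider deleting")
        if issues:
            findings[key["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_keys(SAMPLE_KEYS, NOW).items():
        print(f"{name}: {', '.join(issues)}")
```

Because key details display only for the role you are logged in with, a review like this has to be fed one inventory per role.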