Generating API Keys
This guide walks through the process of creating API keys for programmatic access to Shield's REST API.
Step 1: Access API Key Management
- Log in to the Shield Admin Console
- Navigate to Configuration → API Keys
- Click Generate API Key
Step 2: Configure Key Settings
Configure the following settings for the new key:
| Field | Description |
|---|---|
| Name | Descriptive name to identify the key's purpose (e.g., "Analytics Pipeline", "CI/CD Integration") |
| Permissions | Select which operations this key can perform (see Permissions below) |
| Days to Expire | Expiration period in days (e.g., 90, 365, or custom value) |
Step 3: Save the Key
After clicking Generate, Shield displays the API key one time only. Copy the key and store it in a secure location before closing the dialog.
Recommended storage methods:
- Password manager (1Password, LastPass, etc.)
- Environment variables in your deployment system
- Secrets management service (AWS Secrets Manager, HashiCorp Vault, etc.)
Security considerations:
- Never commit API keys to version control systems
- Do not share keys via email, messaging, or other plaintext communication
- Store keys encrypted at rest
- Use separate keys for different environments (development, staging, production)
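One way to check two of the points above, key expiry (the Days to Expire setting) and separate keys per environment, against a key inventory you maintain yourself. This is an added example, not Shield code or a Shield API; the inventory layout, the env, created and secret_ref fields, and the audit_keys function are assumptions, and the sample entries are constructed.

```python
from datetime import date, timedelta

# Constructed inventory: "name" and "days_to_expire" mirror the console fields;
# "env", "created" and "secret_ref" are assumed bookkeeping fields.
INVENTORY = [
    {"name": "Analytics Pipeline", "env": "production",
     "created": date(2024, 1, 10), "days_to_expire": 90,
     "secret_ref": "vault:shield/prod/analytics"},
    {"name": "CI/CD Integration", "env": "staging",
     "created": date(2024, 3, 1), "days_to_expire": 365,
     "secret_ref": "vault:shield/shared/cicd"},
    {"name": "CI/CD Integration (prod)", "env": "production",
     "created": date(2024, 3, 1), "days_to_expire": 365,
     "secret_ref": "vault:shield/shared/cicd"},
]


def audit_keys(inventory, today, warn_days=14):
    """Return sorted (key name, finding) pairs for expiry and environment reuse."""
    findings = []
    envs_by_secret = {}
    for key in inventory:
        expires = key["created"] + timedelta(days=key["days_to_expire"])
        remaining = (expires - today).days
        if remaining < 0:
            findings.append((key["name"], f"expired on {expires.isoformat()}"))
        elif remaining <= warn_days:
            findings.append((key["name"], f"expires in {remaining} days; rotate now"))
        envs_by_secret.setdefault(key["secret_ref"], set()).add(key["env"])
    # The same stored secret referenced from more than one environment means
    # one key is shared across environments.
    for key in inventory:
        envs = envs_by_secret[key["secret_ref"]]
        if len(envs) > 1:
            findings.append((key["name"], "secret shared across " + ", ".join(sorted(envs))))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_keys(INVENTORY, today=date(2024, 4, 1)):
        print(f"{name}: {finding}")
```

The inventory holds only references to where each key is stored, never the key values themselves.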
Permissions
API keys can be granted the following permissions:
Policy Definition
Allows the key to create, modify, and delete Shield policy resources:
- Applications and URL filters
- Rules and policy conditions
- Data Types (custom types only)
- Obfuscations and mask formats
- Alerts and notification configurations
Common use cases: Policy-as-code deployments, configuration management systems, automated policy updates
Data Scanning
Allows the key to use Shield's real-time scanning endpoints:
- POST /api/scan - Policy-based scanning
- POST /api/scan-dynamic - Explicit data type scanning
Common use cases: Application integration, API gateways, microservice communication, real-time data protection
Read Access (All Keys)
All valid API keys have read access to:
- All policy resources (apps, rules, data types, obfuscations, alerts)
- Activity logs via the Activities API
- System configuration and status
- CSV export functionality
Related Topics
- Using API Keys - Integration examples in multiple languages
- Validating API Keys - Test that your key is working correctly
- Managing API Keys - Key rotation and deletion
For additional configuration options, see the Admin Console API Keys documentation.