| copyright | lastupdated | ||
|---|---|---|---|
|
2017-11-16 |
{:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:new_window: target="_blank"}
{: #serviceidapikeys}
Service IDs are created to enable access to your {{site.data.keyword.Bluemix_notm}} services by applications hosted both inside and outside of {{site.data.keyword.Bluemix_notm}}. API keys are used by an application to authenticate as a particular service ID and be granted the access associated with that service ID.
Once you create a service ID, you can start creating API keys and assigning service policies. Each policy specifies the level of access that is allowed when the API key is used to authenticate with your services. For more information about creating a service ID and assigning policies, see Creating and managing service IDs. For details on the CLI commands that are used to manage service ID API keys, see Commands for managing API keys and policies.
Each API key that is associated with a service ID inherits the policy that has been assigned to the service ID. For example, if you want one application to be able to simply view resources within a service, then you need to use an API key associated with a service ID that has a policy assigned with the Viewer role. And, if you want another application to be able to have full access within a service, then you need to use an API key associated with a second service ID that has a policy assigned with the Administrator role.
Create an API key to associate with a service ID.
- Go to Manage > Security > Identity and Access > Service IDs.
- If you don't have a service ID created already, create the service ID.
- From the Actions menu, go to the Manage service ID option.
- Click Create in the API keys section.
- Add a name and description to easily identify the API key.
- Click Create.
- Save your API key by copying or downloading it to secure location.
Note: For security reasons, the API key is only available to be copied or downloaded at the time of creation. If the API key is lost, you must create a new API key.
You can update an API key by editing the name or description used to identify the key in the UI.
- Go to Manage > Security > Identity and Access > Service IDs.
- If you don't have a service ID created already, create the service ID.
- From the Actions menu, go to the Manage service ID option.
- From the Actions menu in the API keys section, go to the Edit name & description option.
You can delete an API key that is associated with a service ID. However, deleting an API key that is currently in use by an application will remove the ability for that application to authenticate with your services.
- Go to Manage > Security > Identity and Access > Service IDs.
- If you don't have a service ID created already, create the service ID.
- From the Actions menu, go to the Manage service ID option.
- From the Actions menu in the API keys section, go to the Delete key option.