API Keys
Lacework provides a combination of API keys and tokens that you can use to access the Lacework API. You can create an API key in the Lacework console. You can then use that key to generate temporary access (bearer) tokens to authenticate calls to the Lacework API. API calls made using the bearer token are subject to the permissions of the user to whom the API key is assigned.
You can create an API key for a human user or a service user. Service users have access to the full API, but are unable to log in to the console. They are intended for enabling programmatic access, for example, to access the API from services or scripts, or to integrate Lacework with other applications. For more information, see Service Users.
About API Keys
To create an API key, you must have the account admin role or otherwise have write permissions for API keys in the Lacework Console. See Access Control Overview for more information. Each Lacework Console user can have up to 20 keys.
An API key doesn't expire but it can be disabled or deleted. After creating a key, you should download and securely store it.
After creating the key, API users can use the key to generate bearer access tokens that they can use in API requests. For information on creating and using bearer access tokens, see API Keys and Access Tokens.
API Keys
To create an API key:
Navigate to Settings > API keys.
Choose the User API keys tab to add a key for a human user, or Service user API keys for programmatic API users, such as scripts or integrations.
Click + Add New.
Enter a name for the key and an optional description.
Toggle on Assign this to a service user if you want the API Key to emulate a Service User, and select the assigned Service User from the drop-down.
Click Save.
Download the generated API key file and open it in an editor to view and use the key ID and generated secret in your API requests.
If an API key is created by an administrator that is later relegated to the user role, that API key can't be used to generate tokens or access the Lacework API.
See API Keys and Access Tokens for information on how to generate temporary bearer tokens from an API key.