Skip to main content

API Access Keys

Lacework provides a combination of API access keys and tokens that clients and client applications use to access the Lacework API. Use the Lacework Console to create API access key IDs and secret access keys. Use the Lacework API to create temporary access (bearer) tokens, which clients use in API calls. API calls made using the bearer token behave as if they are issued by the user to whom the API key is assigned.

About API Keys

To create an API access key, you need to be an administrator in the Lacework Console (see Account Roles for more information). Users are limited to 20 keys.

An API access key doesn't expire but can be disabled or deleted. After creating a key, administrators can download and securely store it.

After creating the key, API users can use the key to generate bearer access tokens that they can use in API requests. For information on creating and using bearer access tokens, see API Access Keys and Tokens.

API Keys

To create an API access key:

  1. Navigate to Settings > Configuration > API keys and click + Add New.

  2. Enter a name for the key and an optional description.

    Toggle on Assign this to a service user if you want the API Key to emulate a Service User, and select the assigned Service User from the drop-down.

  3. Click Save.

To get the access key, download the generated API key file and open it in an editor.

If an API key is created by an administrator that is later relegated to the user role, that API key can't be used to generate tokens or access the Lacework API.

See API Access Keys and Tokens for information on how users generate temporary bearer tokens from access keys.