API Access Keys (2024)

PagerDuty offers two APIs, which require API access keys:

REST API: Allows third parties to interact with configuration data in your account.
Events API: Allows you to add PagerDuty's advanced event and incident management functionality to any system that can make an outbound HTTP connection.

There are two types of REST API keys:

Both types of REST API keys are 20-character strings. They will produce an error if they’re used with an Events API call.

📘
REST API Availability
The REST API is available to all customers on current pricing plans. It is not available to some customers on legacy pricing plans.

🚧
Required User Permissions
Admins and Account Owners can create, disable, enable and delete general access REST API keys.

In the web app, navigate to Integrations API Access Keys under Developer Tools.
Click Create New API Key.
Enter a Description to help you identify the key later.

Optionally check Read-only API Key if you’d like the key to only make GET calls.

Click Create Key.

🚧
API Key Storage
This will generate a unique API key. Store it in a secure location, as this is the only time the key is displayed in full. If you lose a key you will need to delete it and create a new one.

Click Close.

The key will appear in the table of API Access keys below, along with some additional information: the description, when it was created, the API version, access level and whether it’s disabled (including who disabled the key and when).

Disable a REST API Access Key

Disabling a general access REST API key means that the key will no longer work with the REST API. However, this action does not delete the key and it can be re-enabled at a later time.

Enable a REST API Access Key

In the web app, navigate to Integrations API Access Keys.
In the table of API access keys, select Enable next to the key you’d like to enable.

Delete a REST API Access Key

Deleting a general access REST API key removes the key from your account. This is an irreversible action and a deleted key cannot be recovered. The Account Owner and users with an Admin or Global Admin user role can delete general access REST API keys.

In the web app, navigate to Integrations API Access Keys.
In the table of API access keys, select Remove next to the key you’d like to delete.
Confirm your selection in the browser alert.

Generate a User Token REST API Key

🚧
Requirements
If your account has Advanced Permissions, users can create personal REST API keys. Requests made using personal REST API keys are restricted to the user's permissions. Any client request for an operation that the user is not permitted to perform will result in a 403 Forbidden response.

In the web app, navigate to User Icon My Profile User Settings.
In the section API Access, click Create API User Token.
Enter a Description to help you identify the key later.
Click Create Key.

🚧
API Key Storage
This will generate a unique API key. Store it in a secure location, as this is the only time the key is displayed in full. If you lose a key you will need to delete it and create a new one.

Click Close.

The key will appear in the table below, along with some additional information: when it was created, last used, and the API version.

Delete a User Token REST API Key

Deleting a personal REST API access key removes the key from the user’s account. This is an irreversible action and a deleted key cannot be recovered.

🚧
Required User Permissions
Any user may delete their own keys. Account Owners and Admins can delete other users’ personal access keys, so long as the other user is not the Account Owner, an Admin or Global Admin.

In the web app, navigate to User Icon My Profile User Settings.
In the section API Access, click Remove next to the key you’d like to delete.
Confirm your selection in the browser alert.

In addition to General Access REST API Keys and User Token REST API Keys, you can generate scoped tokens, which offer more granular control over the objects that users and apps can access. Please read our dev docs Register an App for more information.

Rate Limits

In order to ensure fair access to REST API resources, PagerDuty enforces rate limits. Please read REST API Rate Limits for more information.

🚧
Requirements
The Events API is available to all customers, and any user with a Manager role or above can generate an integration key.

API keys for the Events API are 32-character strings. They are associated with service-level integrations, and are listed on a service’s Integrations tab. Read more about configuring integration keys for the Events API in our Services and Integrations article.

Event Orchestration, which allows you to centralize event processing, also makes use of integration keys for the Events API.

Updated about 2 months ago

Learn more

I'm a specialist with in-depth knowledge of API management and configuration, particularly in the context of PagerDuty. My expertise includes understanding the nuances of PagerDuty's REST API and Events API, as well as the various types of API keys involved.

Now, let's delve into the concepts mentioned in the article about PagerDuty's APIs and API keys:

PagerDuty APIs:
- REST API:
  - Purpose: Allows third parties to interact with configuration data in your PagerDuty account.
  - Types of Keys: General Access REST API Keys and User Token REST API Keys (both 20-character strings).
  - Availability: Accessible to all customers on current pricing plans, but not available to some on legacy plans.
- Events API:
  - Purpose: Integrates PagerDuty's advanced event and incident management functionality into any system with outbound HTTP capability.
  - Key Type: Events API keys (32-character strings) associated with service-level integrations.
  - Availability: Open to all customers; users with a Manager role or above can generate integration keys.
REST API Keys:
- Types:
  - General Access REST API Keys
  - User Token REST API Keys
- Creation and Management:
  - Admins and Account Owners can create, disable, enable, and delete General Access REST API Keys.
  - Creation Process: Navigate to Integrations > API Access Keys, provide a description, and generate the key.
  - Storage: Securely store the key, as it's only displayed once during creation.
  - Disabling: Admins and Account Owners can disable keys, rendering them inactive but not deleting them.
  - Enabling: Admins and Account Owners can re-enable disabled keys.
  - Deletion: Account Owners and Admins can permanently delete General Access REST API Keys.
User Token REST API Keys:
- Creation and Management:
  - Users with Advanced Permissions can create personal REST API keys with restricted permissions.
  - Creation Process: Navigate to User Settings > API Access, provide a description, and generate the key.
  - Deletion: Users can delete their own keys, while Account Owners and Admins can delete others' keys.
Scoped Tokens:
- Purpose:
  - Offer more granular control over the objects that users and apps can access.
Rate Limits:
- Enforcement:
  - PagerDuty enforces rate limits on REST API resources to ensure fair access.
Events API Keys:
- Requirements:
  - Available to all customers.
  - Users with a Manager role or above can generate integration keys.
  - Keys are 32-character strings associated with service-level integrations.

This comprehensive overview covers the essential aspects of PagerDuty's APIs, API key management, and related considerations. If you have any specific questions or need further clarification on any of these topics, feel free to ask.

FAQs

API Access Keys? ›

An application programming interface (API) key is a code used to identify and authenticate an application or user. API keys are available through platforms, such as a white-labeled internal marketplace. They also act as a unique identifier and provide a secret token for authentication purposes.

Read On ›

What is the difference between API key and public key? ›

Public keys only have the power to create tokens. Private API keys should be kept confidential and only stored on your own servers. Your account's private API key can perform any API request to Affirm with some restrictions.

Discover More Details ›

What is an API signing key? ›

Signing keys are used to sign ID tokens , access tokens , SAML assertions, and WS-Fed assertions sent to your application or API. The signing key is a JSON web key (JWK) that contains a well-known public key used to validate the signature of a signed JSON web token (JWT).

What is the API layer access key? ›

API key is used to authenticate requests and essential to use APIs through APILayer. Learn how to manage your API keys and authentication. API keys are the essential authentication mechanism to use an API in APILayer. The API key should be sent as a header called apikey .

See Details ›

What is an API key for dummies? ›

When dealing with APIs, you may encounter something called an API key. They're sort of like passwords which let APIs confirm your identity. Once an API knows you're legitimate, you can get through and use the API's full set of features. Usually, the API key is a single token that's used to access the REST API.

Find Out More ›

What are API access keys? ›

An API key is passed by an application, which then calls the API to identify the user, developer, or program attempting to access a website. It can help break development silos and will typically be accompanied by a set of access rights that belong to the API the key is associated with.

Tell Me More ›

How to find an API key? ›

To find an API key, you usually need to visit the website or platform that offers the API you want to use. The process can vary depending on the specific API provider, but you typically need to sign up for an account, create a project or application, and then generate an API key within that project.

Show Me More ›

Can anyone use my API key? ›

Security of API keys

API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key.

Explore More ›

How do I get API key authentication? ›

API Key Authentication

To enable access to a secured API, create one or more API keys. The API key is then supplied in the HTTP request using the Authorization header. See Managing API Keys for more information on adding additional keys.

What does API mean? ›

API stands for Application Programming Interface. In the context of APIs, the word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses.

Show Me More ›

How do I get API access? ›

To use an API, you typically need to obtain an API key from the provider, understand the documentation for proper integration, and then implement API calls in your project's codebase.

Read The Full Story ›

What is the API access? ›

API access refers to the ability to interact with and utilize the functionalities provided by an Application Programming Interface (API). It enables applications, systems, and developers to communicate with other software systems, accessing their data, services, or features.

See Details ›

What is API access key in AWS? ›

API keys are alphanumeric string values that you distribute to application developer customers to grant access to your API. You can use API keys together with Lambda authorizers, IAM roles, or Amazon Cognito to control access to your APIs.

Get More Info Here ›

Is an API key a password? ›

API Keys are personal authentication credentials that you can create and pass in place of a username and password when using HTTP Basic Auth to perform API calls.

What is the difference between API and API key? ›

An API key is an alphanumeric string that API developers use to control access to their APIs. An API is a communication mechanism that allows data exchange between two software modules.

What is API key generator? ›

Explore Akto's API Key Generator, a tool specifically designed for the efficient creation of dummy API keys for testing purposes. This tool is ideal for web development, QA, security testing and software development. Generate multiple unique API keys in an instant, free of charge.

View Details ›

Can API keys be public? ›

The type used will vary depending on the use case and security requirements. Selecting the right type of API key helps protect sensitive data and minimizes unauthorized access. Public API keys These are most often used for read-only access to public data. These may be embedded in client-side applications.

What is the difference between API key and secret key? ›

An API key is a type of basic authentication that the caller uses the supplied key for the resources access. The secret key in the oAuth is the key to generate a token with scopes for the user access.

Learn More ›

What is an API key in ChatGPT? ›

ChatGPT is great, but the app has only a limited set of features. OpenAI provides programmatic access to their models via the APIs so devs can use it to build other apps for any use case. An API key is like a personal password. When you use apps with your key, the usage will be billed to your account.

Discover More Details ›

What is the OpenAI API key? ›

An API key is a unique code that identifies your requests to the API. Your API key is intended to be used by you. The sharing of API keys is against the Terms of Use. As you begin experimenting, you may want to expand API access to your team. OpenAI does not support the sharing of API keys.

Show Me More ›