API keys are used to access various Instaclustr API endpoints. Utilizing different types of API keys means that usage of the API is restricted and more secure relative to the key’s intended purpose. Each key generated is unique for each user, for that account, and is a form of identification. API keys can be utilized to track and control how the API is being used in order to prevent malicious use or abuse of the API.
Table of Contents
Adding an API Key
To get started, In the top right hand corner of the console click the gear icon. This will show a dropdown menu from which you should select the Account Settings option.
2. Select the API Keys tab. This will take you to a page from which you can manage your API Keys.
3. Decide which API you wish to create a key for. Then click the Add Button to generate a key.
4. For security reasons, this key is only displayed once. Make sure to keep a copy of it somewhere secure, such as a password store.
API Key Security
Access to individual API keys may be restricted to specific IP address through an allowlist of CIDR entries. By default the CIDR 0.0.0.0/0 is added to the allowlist permitting access from all locations. In this case “None” will display in the Security column for that key. Removing all entries from an allowlist will effectively block all access to that API key.
When an API key is deleted, the entries in the allowlist are also reset. Use the Rotate button to generate a new API key without affecting the allowlist.
Changing the allowlist for an API key
1. Click the Manage button next to an existing API key.
2. Remove the default 0.0.0.0/0 CIDR entry from the allowlist that permits access from all locations. “IP Restrictions” will now display in the Security column for this key.
3. Click Add my Public IP Address to immediately add your current public IP address and save the allowlist. The button will not be present if your IP is already in the allowlist.
4. On individual lines, add CIDR ranges to permit access from those networks. Single IP addresses will be converted to CIDR entries upon saving.
5. Click Save, or Cancel to go back to the previous page.
Types of API Keys
Instaclustr provides multiple APIs, each of which requires its own unique key to be able to access. Different user roles can only access certain APIs, and as such only generate keys for certain APIs.
Account Owners and Cluster Administrators can access all of the APIs. Read Only level users have access to Monitoring, Prometheus Monitoring and Read Only Provisioning APIs. Refer to our documentation for more information on user roles.
The Monitoring API provides a wide variety of metrics and data which can be used for monitoring clusters, data centres and nodes. As an alternative to the Monitoring API, monitoring features are available on the Instaclustr console. Refer to our support documentation on The Monitoring Page for more information.
Prometheus is an open source monitoring solution. In addition to viewing metrics through the Instaclustr console, you may wish to have a single monitoring system to simultaneously view your application metrics alongside the metrics from your Instaclustr-managed cluster. The Prometheus Monitoring API is the most popular format for integrating Instaclustr metrics with third-party monitoring or visualization systems.
The Read Only Provisioning API Key can only perform GET requests to endpoints in the Provisioning API. Benefits of using this instead of the Provision API key is so that clusters cannot be modified. You can retrieve information about the clusters but cannot alter the cluster configurations.
The Provisioning API Key has full access to all endpoints in the Provisioning API. It allows for the controlling of the provisioning of clusters and most provisioning actions that are available on the Instaclustr console to be carried out via a REST API.
The User Management API is used for managing users and their access to clusters. Several of the operations in the API implement the SCIM 2.0 protocolwhich is used for managing user identities at Instaclustr.