API keys are used to access various Instaclustr API endpoints. Both Organizations and Accounts have their own API keys that operate identically, but are used for different endpoints. Utilizing different types of API keys means that usage of the API is restricted and more secure relative to the key’s intended purpose. Each Account or Organization API key generated is unique for each user, for that account or organization, and is a form of identification. API keys can be utilized to track and control how the API is being used in order to prevent malicious use or abuse of the API.
Table of Contents
Adding an Account API Key
- To get started, In the top right hand corner of the console click the gear icon. This will show a dropdown menu from which you should select the Account Settings option.
2. Select the API Keys tab. This will take you to a page from which you can manage your API Keys.
3. Decide which API you wish to create a key for. Then click the Add Button to generate a key.
4. For security reasons, this key is only displayed once. Make sure to keep a copy of it somewhere secure, such as a password store.
Adding an Organization API Key
- Navigate to the Organization Admin Page and select “API Keys” from the nav bar.
- Currently there is only one API key type: Organization Management. Click the Add Button to generate a new API key.
- For security reasons, this key is only displayed once. Make sure to keep a copy of it somewhere secure, such as a password store.
API Key Security
Access to individual API keys may be restricted to specific IP address through an allowlist of CIDR entries. By default the CIDR 0.0.0.0/0 is added to the allowlist permitting access from all locations. In this case “None” will display in the Security column for that key. Removing all entries from an allowlist will effectively block all access to that API key.
When an API key is deleted, the entries in the allowlist are also reset. Use the Rotate button to generate a new API key without affecting the allowlist.
Changing the allowlist for an API key
1. Click the Manage button next to an existing API key.
2. Remove the default 0.0.0.0/0 CIDR entry from the allowlist that permits access from all locations. “IP Restrictions” will now display in the Security column for this key.
3. Click Add my Public IP Address to immediately add your current public IP address and save the allowlist. The button will not be present if your IP is already in the allowlist.
4. On individual lines, add CIDR ranges to permit access from those networks. Single IP addresses will be converted to CIDR entries upon saving.
5. Click Save, or Cancel to go back to the previous page.
Types of API Keys
Account API keys are used to manage Account level operations such as creating or monitoring a cluster, while Organization API keys are used for managing an Organization.
Account API Keys
Instaclustr provides multiple APIs, each of which requires its own unique key to be able to access. Different user roles can only access certain APIs, and as such only generate keys for certain APIs.
Account Owners and Cluster Administrators can access all of the APIs. Read Only level users have access to Monitoring, Prometheus Monitoring and Read Only Provisioning APIs. Refer to our documentation for more information on User Roles.
The Monitoring API provides a wide variety of metrics and data which can be used for monitoring clusters, data centres and nodes. As an alternative to the Monitoring API, monitoring features are available on the Instaclustr console. Refer to our support documentation on The Monitoring Page for more information.
Prometheus is an open source monitoring solution. In addition to viewing metrics through the Instaclustr console, you may wish to have a single monitoring system to simultaneously view your application metrics alongside the metrics from your Instaclustr-managed cluster. The Prometheus Monitoring API is the most popular format for integrating Instaclustr metrics with third-party monitoring or visualization systems.
For more information, refer to our article on Instaclustr Monitoring with Prometheus.
Read Only Provisioning
The Read Only Provisioning API Key can only perform GET requests to endpoints in the Provisioning API. Benefits of using this instead of the Provision API key is so that clusters cannot be modified. You can retrieve information about the clusters but cannot alter the cluster configurations.
The Provisioning API Key has full access to all endpoints in the Provisioning API. It allows for the controlling of the provisioning of clusters and most provisioning actions that are available on the Instaclustr console to be carried out via a REST API.
The User Management API is used for managing users and their access to clusters. Several of the operations in the API implement the SCIM 2.0 protocol which is used for managing user identities at Instaclustr.
A single User Management API key can be used across any account owned by the request user for the Role Change and SCIM 2.0 APIs for convenient multi-account management.
Organization API Keys
The Organization Management API is used for retrieving a list of linked accounts, creating a new account under an organization or unlinking accounts from the organization.