Create and manage API keys

You need to supply an API Key as the Authorization header for all API requests, using the bearer identifier. You also may need API keys when you integrate Cloud Observability with other applications.

For security reasons, keys expire after one year. Expiration dates are displayed on the API Keys page, and you can create a new key at any time.

Only users with Admin access or Member access can create API keys. However, member users may only create tokens with member access.

Create API keys

You can create API keys in Account management. For security reasons, create a separate API key for each application and third-party integration.

This image shows how to create an API key. The steps below describe the procedure in more detail.

Create an API key

  1. In Cloud Observability, click Account management > API keys.
  2. Click Create New API Key.

  3. In the dialog, enter a description for the key and select a Role, which grants a specific set of permissions for this key. Use a key with Viewer access for APIs that only read data from Cloud Observability. If you plan on updating information within your account (programmatically creating streams for example), use the Member role. Only create an Admin key if you are ok with the key having full access to creating and deleting data in all of Cloud Observability.

  4. Click Create Key. The API key is created and shown to you.

  5. Click Copy & Close to copy the link to your clipboard, then you can paste this key where you need it.

    This is your only chance to view the actual key, so the best practice is to copy and paste the key to a safe place immediately.

View or revoke API keys

You can revoke an existing key to permanently disable it. However, you can’t edit or view keys after you create one. If you want to change the access level for a key, you need to revoke the original and create a new key. Before revoking a key, be sure to create a new one and update all places that use it, as revoking a key takes effect immediately.

This image shows how to revoke an API key. The steps below describe the procedure in more detail.

Revoke an API key

  1. In Cloud Observability, click Account management > API keys.

    You can view the keys and the level of access they have.

  2. Find the key you want to revoke and click Revoke.

  3. In the dialog, click Revoke Key to immediately revoke the key. Cloud Observability displays API key revoked to confirm your change.

Updated Dec 6, 2022