Authenticate and authorize requests or tools to Cloud Observability APIs.
API keys let you authenticate and authorize requests or tools to Cloud Observability APIs. API keys have either organization- or project-level access.
Only some roles can manage API keys in Cloud Observability. Your role also determines the kinds of API keys you can create. The table below shows what the different roles can do with API keys:
Permission | Organization Admin | Organization Billing Admin | Organization Editor | Organization Viewer |
---|---|---|---|---|
Create API keys | Yes | Yes | Yes* | No |
Revoke API keys | Yes | Yes | Yes | No |
View API keys | Yes | Yes | Yes | No |
* Organization Editors can only create API keys with Organization Editor or Organization Viewer permissions.
As of December 2024, only users with log access can create API keys. Options are being explored to allow API key creation by users without log access.
For API requests, include the API key in the Authorization
header using the bearer token:
1
2
3
4
5
$ curl --request POST \
--url https://api.lightstep.com/public/v0.2/organization/projects/project/notebooks \
--header 'Authorization: YOUR-API-KEY' \
--header 'accept: application/json' \
--header 'content-type: application/json'
When integrating with tools, use one API key per tool. That step helps secure your systems.
API keys expire after one year for security reasons. To view expiration dates, click Settings > API keys.
Follow these steps to create a Cloud Observability API key:
Your API key details appear in the Active tab. The expiration date is in the Expires column.
You can’t edit API key permissions. If you want to change an API key’s access level, create a new API key, update all places with the new API key, and revoke the original API key.
Follow the below steps to permanently disable an API key. Cloud Observability displays revoked API keys – and who revoked them – in the Revoked tab.
Updated Nov 21, 2023