Authenticate and authorize requests or tools to Cloud Observability APIs.
API keys let you authenticate and authorize requests or tools to Cloud Observability APIs. API keys have either organization- or project-level access.
Only some roles can manage API keys in Cloud Observability. Your role also determines the kinds of API keys you can create. The table below shows what the different roles can do with API keys:
|Permission||Organization Admin||Organization Billing Admin||Organization Editor||Organization Viewer||Project Editor||Project Viewer|
|Create API keys||Yes||Yes||Yes*||No||Yes**||No|
|Revoke API keys||Yes||Yes||Yes||No||Yes
(Project Editors can only revoke their own API keys.)
|View API keys||Yes||Yes||Yes||No||Yes
(Project Editors can only view their own API keys.)
* Organization Editors can only create API keys with Organization Editor, Organization Viewer, Project Editor, and Project Viewer permissions.
** Project Editors can only create API keys for the projects they have access to. The API keys can have Project Editor or Project Viewer permissions.
For API requests, include the API key in the
Authorization header using the bearer token:
1 2 3 4 5 $ curl --request POST \ --url https://api.lightstep.com/public/v0.2/organization/projects/project/notebooks \ --header 'Authorization: YOUR-API-KEY' \ --header 'accept: application/json' \ --header 'content-type: application/json'
When integrating with tools, use one API key per tool. That step helps secure your systems.
API keys expire after one year for security reasons. To view expiration dates, click Account management > API keys.
Follow these steps to create a Cloud Observability API key:
Your API key details appear in the Active tab. The expiration date is in the Expires column.
You can’t edit API key permissions. If you want to change an API key’s access level, create a new API key, update all places with the new API key, and revoke the original API key.
Follow the below steps to permanently disable an API key. Cloud Observability displays revoked API keys – and who revoked them – in the Revoked tab.
Updated Oct 17, 2023