API Keys
User-level API Keys
When making programmatic calls to the Gremlin API, instead of using your own account profile with your username password credentials, you can leverage API keys. They are tied to your user and have the same level of access as your user so you can use API keys to integrate with any part of the Gremlin API.
To create a new API key
- Go to Account Settings.
- Select the API Keys tab.
- Click New API Key button.
- Give your key a unique name and an optional description.
- Click save, and copy your key content for use.
To revoke and reinstate an API Key
- Before you begin, confirm that you have stopped using the API Key.
- Go to Account Settings.
- Select the API Keys tab.
- Hover over the 3 dots to the right of your API Key.
- Select Revoke Key or Reinstate Key in the popup.
- If you are revoking a key, confirm by clicking the Revoke button.
Usage
Instead of using a Bearer token, provide the key content in the Authorization Header, prefixed with Key
.
1Authorization: Key f02868098b13e4f68da82b0c5e5c950ea750fce53c62d982cdab0c61099e5f98
See Creating Attacks for examples of creating an attack via the API.
Limit
There is a limit of 5 active API Keys per user.
Access
API keys have access levels equivilant to the user who created the key. For example, if you are a Company Manager
and you create a key, that key will have the same level of access as a Company Manager
. The same goes for teams, if you are a Team Manager
in Team A and a Team User
in Team B, then the API key will have Team Manager
level access to Team A and Team User
level access to Team B.
Company Settings API Keys tab
For Company Managers and Company Owners, there is now an API Keys tab located at the Company Settings page. This will list all the user-level API keys that your users have created. You can search by the name of the API Key or the name of who created it. This is to provide insight for if you plan to remove a user or edit their roles, you know what API keys will be affected by the change.
Team-level API Keys
7/15/2021
When making programmatic calls to the Gremlin API, instead of using your own account profile with your username password credentials, you can leverage team-level API keys. This is akin to having a "service account" in other software products.
To revoke and reinstate an API Key
- Before you begin, confirm that you have stopped using the API Key.
- Go to Company Settings.
- Select your Team.
- Select the API Keys tab.
- Hover over the 3 dots to the right of your API Key.
- Select Revoke Key or Reinstate Key in the popup.
- If you are revoking a key, confirm by clicking the Revoke button.
Usage
Instead of using a Bearer token, provide the key content in the Authorization Header, prefixed with Key
.
1Authorization: Key f02868098b13e4f68da82b0c5e5c950ea750fce53c62d982cdab0c61099e5f98
See Creating Attacks for examples of creating an attack via the API.
Limit
There is a limit of 5 active API Keys per team.
Access
API keys have access levels equivilant to a Company User and Team User for the company and team that the API key was created under.