Authentication
Veza APIs require an access token, which you can generate from Administration > API Keys
You can call Veza APIs using API keys for authentication. Each API Key inherits the permissions of the user who created it, and functions as a personal access token for that user. The Administration > API Keys page allows individual users to manage their own keys. Only Veza administrators can view keys belonging to other users.
Users can view the activity status and revoke, reinstate, or rename any keys they create or have permission to update.
Deleting a key will permanently remove it. Owners can revoke and reinstate keys to intermittently disable them.
API keys each have a name and owner. Keys inherit the permissions and roles of their creator.
See User Management for possible Veza
admin
andoperator
actions.
Create an API key
To generate a key associated with your user account:
Open Administration > API Keys > Add New API Key.
Enter a descriptive name for the new key, and click Save.
Copy and save the value, which will only appear once.
Teams and API Keys
Teams allow you to create non-admin, read-only API Keys, limited in access to integrations allowed for a team. When creating an API Key, pick an entry from the list of teams to apply that team scope.
The Team column on the API Keys page shows API key > Team assignments.
Using API keys
When making requests to Veza APIs, provide the key as an OAuth 2.0 Bearer Token in the request Authorization header:
You should protect and secure API Keys, which have all the permissions associated with your username and password. Save keys as environment variables or use a secrets manager instead of including them in scripts, for example:
Troubleshooting
If you encounter authentication errors, confirm that the key is valid and generate a new key if required. API key errors are:
Invalid API key
: API key is not the correct format (not base64 encoded)Malformed API key
: Typically due to a copy and paste error (correct format but invalid characters)
Last updated