Authentication
Veza APIs require an access token, which you can generate from Administration > API Keys
Last updated
Was this helpful?
Veza APIs require an access token, which you can generate from Administration > API Keys
Last updated
Was this helpful?
You can call Veza APIs using API keys for authentication. Based on your needs, you can generate personal or team-scoped API keys. Each Personal API Key inherits the permissions of the user who created it, and functions as a personal access token for that user. The Administration > API Keys page allows individual users to manage their own keys under the 'Personal' tab. Only Veza administrators can view keys belonging to other users.
Under the 'Team' tab, you can mange API keys which are scoped to particular teams.
Users can view the activity status and revoke, reinstate, or rename any keys they create or have permission to update.
Deleting a key will permanently remove it. Owners can revoke and reinstate keys to intermittently disable them.
API keys each have a name and owner. Keys inherit the permissions and roles of their creator.
See for possible Veza admin and operator actions.
Personal API keys are used for general platform access and management tasks. Each key is tied to a specific user and is scoped to a single team that the user is a member of.
To generate a key associated with your user account:
Open Administration > API Keys > Personal > Add New Personal API Key.
Enter a descriptive name for the new key, and click Save.
Copy and save the API key value, which will not be shown again.
Personal API keys are scoped to current userβs account and the selected team.
Removing a user from a team will also remove any personal API keys they created within that team.
If a user is removed from the platform, all of their personal API keys will be deleted.
Team API keys are visible to all team members but can only be created by users with Admin or Operator roles.
These keys remain within the team even if the user who created them is removed from the team or deleted from the platform.
Open Administration > API Keys > Team > Add New Team API Key.
Enter a descriptive name for the new key, and click Save.
Copy and save the API key value, which will not be shown again.
From the API Keys page, user can also manage the API keys, either personal or team-scoped:
Use Edit to edit the name of the API key
Use Revoke to temporarily disable personal API key
Use Reinstate to reenable a revoked API key
Use Delete to completely remove the API key
When making requests to Veza APIs, provide the key as an OAuth 2.0 Bearer Token in the request Authorization header:
You should protect and secure API Keys, which have all the permissions associated with your username and password. Save keys as environment variables or use a secrets manager instead of including them in scripts, for example:
If you encounter authentication errors, confirm that the key is valid and generate a new key if required. API key errors are:
Invalid API key: API key is not the correct format (not base64 encoded)
Malformed API key: Typically due to a copy and paste error (correct format but invalid characters)
API keys are designed for service accounts that manage Open Authorization API (OAA) integrations assigned to a team. Each key is associated with a single team and has the oaa_push role, restricted to specific read and write operations for creating and updating OAA data sources. These API keys currently cannot be used to access other API endpoints.
To see which endpoints can be used with Team API Keys, refer to the documentation