Team API Keys

Overview

Team API keys are designed for service accounts that manage Open Authorization API (OAA) integrations assigned to a team. Similar to personal API keys, these keys authenticate API requests, and can be revoked or reinstated to control programmatic access to Veza. Each key is associated with a single team and has the oaa_push role, restricted to specific read and write operations for creating and updating OAA data sources.

Team API keys are limited to the following operations:

Administrators can create and manage team API keys using the endpoints documented below. Note that Team API Keys are currently provided as an early access feature, and /preview/ API operations are subject to change as capabilities are added or modified.

List Team API Keys

Method: GET Endpoint: /api/preview/teamkeys

Returns API key details such as last activity time and status. If the query includes a team_id filter expression, only keys for that team are listed.

Note: When using a personal API key for a non-root team, the team_id filter is automatically applied. Only root team administrators can view keys across all teams.

List API keys for teams

get

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Query parameters

filterstringOptional

[team_id] String to filter API keys belonging to a specific team. If empty, list all team keys in scope

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

default

Default error response

application/json

get

/api/preview/teamkeys

GET /api/preview/teamkeys HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "access_key": "text",
      "name": "text",
      "created_at": "2025-12-12T23:21:35.167Z",
      "last_access_at": "2025-12-12T23:21:35.167Z",
      "status": 1,
      "team_id": "text",
      "team_name": "text"
    }
  ],
  "next_page_token": "text"
}

Example Request:

curl -X GET "https://<base-url>/api/preview/teamkeys?filter=team_id+eq+%2260437fa0-15ab-4c1f-a211-010543ac8a89%22" \
 -H "accept: application/json"

Example Response:

{
  "values": [
    {
      "id": "54807783-c5ec-4efd-9d1b-853bada658dd",
      "access_key": "",
      "name": "AWS Team Key",
      "created_at": "2024-06-25T08:30:17.087351612Z",
      "last_access_at": "2024-06-25T08:30:17.087351612Z",
      "status": "ACTIVE",
      "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
    }
  ],
  "next_page_token": ""
}

Create Team API Key

Method: POST Endpoint: /api/preview/teamkeys

Create an API key by providing a key name and team team_id. The response includes the access_key, which cannot be retrieved again.

Create a new team API key for a service account

post

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Body

namestringOptional

Human friendly name

team_idstringOptional

Service account's team ID

Responses

200

application/json

default

Default error response

application/json

post

/api/preview/teamkeys

POST /api/preview/teamkeys HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "name": "text",
  "team_id": "text"
}

{
  "value": {
    "id": "text",
    "access_key": "text",
    "name": "text",
    "created_at": "2025-12-12T23:21:35.167Z",
    "last_access_at": "2025-12-12T23:21:35.167Z",
    "status": 1,
    "team_id": "text",
    "team_name": "text"
  }
}

Example Request:

curl -X POST "https://<base-url>/api/preview/teamkeys" \
 -H "accept: application/json" \
 -H "content-type: application/json" \
 -d '{"name":"New Team API Key","team_id":"60437fa0-15ab-4c1f-a211-010543ac8a89"}'

Example Response:

{
  "value": {
    "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
    "access_key": "<access key>",
    "name": "New Team API Key",
    "created_at": "2024-08-26T21:29:59.409761363Z",
    "last_access_at": "2024-08-26T21:29:59.409761363Z",
    "status": "ACTIVE",
    "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
  }
}

Remove Team API Key

Method: DELETE Endpoint: /api/preview/teamkeys/{id}

Permanently delete a team API key.

Remove team API Key

delete

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

delete

/api/preview/teamkeys/{id}

DELETE /api/preview/teamkeys/{id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "access_key": "text",
    "name": "text",
    "created_at": "2025-12-12T23:21:35.167Z",
    "last_access_at": "2025-12-12T23:21:35.167Z",
    "status": 1,
    "team_id": "text",
    "team_name": "text"
  }
}

Example Request:

curl -X DELETE "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \
 -H "accept: application/json"

Example Response:

{
  "value": {
    "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
    "access_key": "",
    "name": "Updated API Key",
    "created_at": "2024-08-26T21:29:59.409761363Z",
    "last_access_at": "2024-08-26T21:29:59.409761363Z",
    "status": "INACTIVE",
    "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
  }
}

Revoke Team API Key

Method: POST Endpoint: /api/preview/teamkeys/{id}:revoke

Suspend usage of a team API key, changing the status to INACTIVE.

Revoke team API Key

post

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

Responseobject

default

Default error response

application/json

post

/api/preview/teamkeys/{id}:revoke

POST /api/preview/teamkeys/{id}:revoke HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Example Request:

curl -X POST "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:revoke" \
 -H "accept: application/json"

Example Response:

{}

Reinstate Team API Key

Method: POST Endpoint: /api/preview/teamkeys/{id}:reinstate

Reinstates a previously revoked team API key, changing the status to ACTIVE.

Reinstate a revoked team API Key

post

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

idstringRequired

Responses

200

application/json

Responseobject

default

Default error response

application/json

post

/api/preview/teamkeys/{id}:reinstate

POST /api/preview/teamkeys/{id}:reinstate HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Example Request:

curl -X POST "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:reinstate" \
 -H "accept: application/json"

Example Response:

{}

Update Team API Key

Method: PATCH Endpoint: /api/preview/teamkeys/{value.id}

Use this operation to update the display name of a team API key.

Update team API key metadata

patch

Authorizations

AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

Log into your Veza tenant
Navigate to Administration → API Keys
Generate a new API key and save the value securely

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

API Key

idstringOptional

The unique identifier of this API key.

access_keystringRead-onlyOptional

Base64 encoded access token. Only available when creating a key

namestringOptional

User provided name for this key

created_atstring · date-timeRead-onlyOptional

ISO-8601 timestamp of when this key was created

last_access_atstring · date-timeRead-onlyOptional

ISO-8601 timestamp of when this key was last updated

statusinteger · enumRead-onlyOptional

Status of the key. Key is ACTIVE or INACTIVE. API keys can only be used when they are ACTIVE

team_idstringOptional

Team ID that this key belongs to

team_namestringRead-onlyOptional

Team Name that this key belongs to

Responses

200

application/json

default

Default error response

application/json

patch

/api/preview/teamkeys/{value.id}

PATCH /api/preview/teamkeys/{value.id} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 44

{
  "id": "text",
  "name": "text",
  "team_id": "text"
}

{
  "value": {
    "id": "text",
    "access_key": "text",
    "name": "text",
    "created_at": "2025-12-12T23:21:35.167Z",
    "last_access_at": "2025-12-12T23:21:35.167Z",
    "status": 1,
    "team_id": "text",
    "team_name": "text"
  }
}

Example Request:

curl -X PATCH "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \
 -H "accept: application/json"\
 -H "content-type: application/json" \
 -d '{"name":"Updated API Key"}'

Example Response:

{
  "value": {
    "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
    "access_key": "",
    "name": "Updated API Key",
    "created_at": "2024-08-26T21:29:59.409761363Z",
    "last_access_at": "2024-08-26T21:29:59.409761363Z",
    "status": "ACTIVE",
    "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
  }
}

PreviousTeam and User Management APIs NextLifecycle Management APIs

Last updated 4 months ago

Was this helpful?