Team API Keys
Overview
Team API keys are designed for service accounts that manage Open Authorization API (OAA) integrations assigned to a team. Similar to personal API keys, these keys authenticate API requests, and can be revoked or reinstated to control programmatic access to Veza. Each key is associated with a single team and has the oaa_push role, restricted to specific read and write operations for creating and updating OAA data sources.
Team API keys are limited to the following operations:
Administrators can create and manage team API keys using the endpoints documented below. Note that Team API Keys are currently provided as an early access feature, and /preview/ API operations are subject to change as capabilities are added or modified.
List Team API Keys
Method: GET Endpoint: /api/preview/teamkeys
Returns API key details such as last activity time and status. If the query includes a team_id filter expression, only keys for that team are listed.
Note: When using a personal API key for a non-root team, the team_id filter is automatically applied. Only root team administrators can view keys across all teams.
Example Request:
curl -X GET "https://<base-url>/api/preview/teamkeys?filter=team_id+eq+%2260437fa0-15ab-4c1f-a211-010543ac8a89%22" \
-H "accept: application/json"Example Response:
{
"values": [
{
"id": "54807783-c5ec-4efd-9d1b-853bada658dd",
"access_key": "",
"name": "AWS Team Key",
"created_at": "2024-06-25T08:30:17.087351612Z",
"last_access_at": "2024-06-25T08:30:17.087351612Z",
"status": "ACTIVE",
"team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
}
],
"next_page_token": ""
}Create Team API Key
Method: POST Endpoint: /api/preview/teamkeys
Create an API key by providing a key name and team team_id. The response includes the access_key, which cannot be retrieved again.
Example Request:
curl -X POST "https://<base-url>/api/preview/teamkeys" \
-H "accept: application/json" \
-H "content-type: application/json" \
-d '{"name":"New Team API Key","team_id":"60437fa0-15ab-4c1f-a211-010543ac8a89"}'Example Response:
{
"value": {
"id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
"access_key": "<access key>",
"name": "New Team API Key",
"created_at": "2024-08-26T21:29:59.409761363Z",
"last_access_at": "2024-08-26T21:29:59.409761363Z",
"status": "ACTIVE",
"team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
}
}Remove Team API Key
Method: DELETE Endpoint: /api/preview/teamkeys/{id}
Permanently delete a team API key.
Example Request:
curl -X DELETE "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \
-H "accept: application/json"Example Response:
{
"value": {
"id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
"access_key": "",
"name": "Updated API Key",
"created_at": "2024-08-26T21:29:59.409761363Z",
"last_access_at": "2024-08-26T21:29:59.409761363Z",
"status": "INACTIVE",
"team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
}
}Revoke Team API Key
Method: POST Endpoint: /api/preview/teamkeys/{id}:revoke
Suspend usage of a team API key, changing the status to INACTIVE.
Example Request:
curl -X POST "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:revoke" \
-H "accept: application/json"Example Response:
{}Reinstate Team API Key
Method: POST Endpoint: /api/preview/teamkeys/{id}:reinstate
Reinstates a previously revoked team API key, changing the status to ACTIVE.
Example Request:
curl -X POST "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:reinstate" \
-H "accept: application/json"Example Response:
{}Update Team API Key
Method: PATCH Endpoint: /api/preview/teamkeys/{value.id}
Use this operation to update the display name of a team API key.
Example Request:
curl -X PATCH "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \
-H "accept: application/json"\
-H "content-type: application/json" \
-d '{"name":"Updated API Key"}'Example Response:
{
"value": {
"id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
"access_key": "",
"name": "Updated API Key",
"created_at": "2024-08-26T21:29:59.409761363Z",
"last_access_at": "2024-08-26T21:29:59.409761363Z",
"status": "ACTIVE",
"team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
}
}Last updated
Was this helpful?