API Keys
Overview
Coralogix custom API Keys offer a robust and flexible way to manage access and permissions within your organization. API keys can be generated as personal or shared keys through Coralogix's adaptable role-based access control (RBAC). With RBAC, you can assign specific permissions or groups of permissions, known as role presets, to each key, ensuring precise control over access and operations.
Use Coralogix API keys to:
Control Access. Assign specific permissions to users or teams, ensuring only authorized individuals can access certain features or data.
Enhance Security. Regularly rotate keys and revoke them as necessary to prevent unauthorized access and maintain security.
Facilitate Integration. Seamlessly integrate Coralogix with other tools and services by using API keys for authentication.
Types of API keys
Personal keys
Personal keys are specific to individual Coralogix users. They can be created for personal purposes such as integration testing or experimentation and should not be used for production.
This category includes legacy keys, which are maintained for existing customers.
Send-Your-Data API keys
These shared data ingestion keys ensure secure telemetry data transmission to Coralogix while authenticating the sender's identity. Multiple Send-Your-Data API keys with advanced security systems are supported by our Send-Your-Data Management API.
This key type supports access policies.
Team keys
Shared team keys authenticate API actions for team members for users with programmatic access to Coralogix. Only team members with the roles and permissions contained in a team key may access it. Team key creation and viewing are restricted to members of groups without data scope limitations.
This key type supports access policies.
Access policies for API keys
Note
This feature is available for early-access customers. To request access and confirm your organization meets the feature criteria, contact your account representative or Customer Support.
Both Team Keys and Send-Your-Data API keys support policy-based access control (PBAC). Each key can have an access policy that determines which users and groups can view or manage it.
By default, the creator always retains full access. You can:
- Allow all users to access the key.
- Restrict access to specific groups.
- Specify exception rules that control actions for chosen groups or users.
Create a policy
Follow these steps on the entity’s policy page.
1. Turn on policy (empty state)
Enable policy creation by toggling the switch. This turns the policy on for a specific entity (Access mode becomes Restricted).
2. Set the default rule (baseline)
The default rule sets the baseline for all users who have the relevant permissions for this entity type. You can override this baseline for specific groups using exception rules.
Choose the allowed actions for both the resource and the policy itself.
Available options include:
- Resource actions: Control what users can do with the entity (e.g, Read to view a dashboard, or Update to edit it).
- Policy actions (Read Current Access Policy and Update Current Access Policy): Control who can view or edit the policy configuration itself.
Select None or Enabled:
- None: No one can take actions on the entity except the policy creator.
- Enabled: Choose the baseline actions to allow (for example,
read). Available actions differ by entity type. Selecting all permitted actions effectively mirrors the RBAC behavior.
3. Add exception rules
Use exception rules to adjust access for specific groups relative to the default.
- If the default is Enabled → Read, you can add an exception to grant a group
manage. - If the default is None, you can add an exception to grant a group
readand/ormanage. - To block a specific group when the default allows access, add an exception for that group with allowed actions set to None.
Select a target group and specify the allowed actions for that group. Add multiple rules as needed.
The access policy panel is shared across dashboards, datasets, and other entity types. For details on how policies work, see PBAC.
Permissions
The following permissions are necessary to create and view API keys.
| API Key | Permission | Role Presets |
|---|---|---|
| Personal | personal-custom-api-keys:Manage | APIKeys |
personal-custom-api-keys:ReadConfig | APIKeys | |
| Send-Your-Data | data-ingest-api-keys:Manage | SendData |
data-ingest-api-keys:ReadConfig | SendData | |
data-ingest-api-keys:ReadAccessPolicy | ||
data-ingest-api-keys:UpdateAccessPolicy | ||
| Team | team-custom-api-keys:Manage | APIKeys |
team-custom-api-keys:ReadConfig | APIKeys | |
data-ingest-api-keys:ReadAccessPolicy | ||
data-ingest-api-keys:UpdateAccessPolicy |
Note
PBAC access-policy actions (ReadAccessPolicy, UpdateAccessPolicy) are not included in the default APIKeys preset.
Security
As a security best practice, Coralogix suggests generating multiple keys for your organization, with the option to view and download them once. Employing multiple API keys enables you to regularly rotate keys to enhance security or to revoke a specific key in case of accidental exposure or when discontinuing the associated service.
To activate advanced security settings, navigate to Settings > API Key Security Settings.
Once the API Key Security Settings have been activated, when generating a new API key, you will have a one-time opportunity to view and copy it on your UI upon its creation. You must download it as a text file to be saved locally.
Note
Only users with
team-api-keys-security-settings:Managepermission can control this attribute. Those with theteam-api-keys-security-settings:ReadConfigpermission may view it.Once these settings are in place, they will apply to new keys generated after this time.
Add a custom API key
From the Coralogix toolbar, click the user icon at the top right corner and click Settings.
In the left-hand menu, select Keys.
Select the key type of your choice and click + KEY.
Add a key name.
Attach permissions to the key using role presets, manual customization, or a combination of the two.
- Select Role presets, clusters of feature-based permissions, from the drop-down menu. Future permissions added to the selected preset will be automatically applied to the key.
- Select the Advanced option to customize your key by manually selecting team permissions.
Note
Given the RUM API key's public nature and to ensure our users’ privacy, the RUM preset is standalone and may not be attached to other roles or role presets.
(Optional) Set the access policy for the key to control who can view and manage it.
Click NEXT.
You can save your key locally by copying and downloading it or in your Coralogix UI. If your [API Key Security Settings] have been activated, you will have a one-time opportunity to view and copy it and will be required to download it as a text file to be saved locally.
Actions
Once added, your key will appear in Keys with all of your existing keys, along with its name, creator name and type, creation date, and status. You can view, copy, activate, deactivate, and even delete it as necessary.
Migrate legacy keys to custom API Keys
Legacy keys, such as the Alerts, Rules, & Tags API key, the Logs Query API key, and the Team API key, will appear under Personal keys in the Keys UI.
Legacy Send-Your-Data API keys will appear under Send-Your-Data API keys.
Legacy SCIM keys will appear under Team keys.
Click the eye icon next to each legacy key to view its role presets and permissions. You can recreate these keys using this information as more streamlined, customized API keys.
Additional resources
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by emailing support@coralogix.com.