API Keys in Alumio

iPaaS Documentation Access Control
1

Table Of Contents

  • Introduction
  • API Keys Overview
  • API Key Creation
  • Managing API Keys

Introduction

The API Keys section allows you to create, manage, and monitor API keys used to authenticate external access to your Alumio environment. From this overview, you can easily see who created a key, when it was created, and when it was last used, as well as perform key management actions.

An API Key can be created by navigating to More → Access Control → API Keys.

API Keys Overview

The API Keys overview page displays a list of all existing API keys with the following information, allowing you to do various actions, such as sorting keys by column headers: filtering keys using available filters (for example, by name or creation date); navigating through multiple pages when many keys exist; and controlling the number of records shown per page.

  • Name – The unique name of the API key.
  • Created by – The user who created the key.
  • Created at – The date the key was generated.
  • Last used – The most recent time the key was used (if applicable).
  • Actions – Available actions for the key, such as deletion.

API Key Creation

To create a new API Key:

Step 1: Click Create on the API Keys overview page.
Step 2: In the Create a new API Key popup, enter a Token name (required).
Step 3: Add a Description to document the purpose of the API key if needed.
Step 4: Click Create API key to generate the key, or Cancel to discard changes.

Once created, the API key will appear in the overview list and can be used immediately for authentication.

Managing API Keys

For each API key, the Actions menu allows you to manage the key directly from the overview:

  • Delete – Permanently removes the API key.

The “Last used” column helps you identify inactive or unused keys, making it easier to maintain security and clean up obsolete credentials.

image
image1920×1080 168 KB

Video guide

Import Configuration Files into Alumio with API
1. Getting to know the dashboard and flow of data
2

Are API Keys bound to the user that created them, or are they like service accounts?

3

Hi @h.vennik,

You are correct that each API key is bound to the user who created it. All the API calls that come from the token will be logged as the user’s activities in the Audit Trail page.

4

Hi Gugi,

What happens when the user who created them is deleted? Do the API keys get invalidated at that point?

We’re working on a few automations which we’d be using the API keys for, and it’d not be great if those become non-functional if I every leave the company ;).

5

Hi @floris

Thank you for the question. An API key will be automatically revoked once the user who created it is removed from the dashboard. It’s because the token is tied to the creator. Therefore, the only way to avoid the automations from being interrupted is for another user to create a new API key and use it before removing the user.

Alternatively, you can use a user who will never be removed from the dashboard to create the API key.