# Generate API Keys The StrongDM API allows for programmatic management of users, permissions, and resources within an organization. ### API Credentials To use the StrongDM API, you need to have an API `access` and `secret` key. These keys authorize every request when managing objects with the API, so please keep them safe. The API access key is a hex string in the format `auth-0123abcd`, and the secret portion of the key is a string (for example, `1aBC23dEfgHiJklMnoPqr+stUVwxyz123ABC4dEFGhi1JKL/MNoPQR2S==`). {% hint style="info" %} The format of API access keys used to be a long Base64-encoded string. Existing API keys in the old format are unaffected, and the format of the secret portion of the key remains the same. {% endhint %} From the Admin UI's **Principals** > **Tokens** section, you can view, add, clone, and delete API keys. ![](https://79757147-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4XOJmXFslCMVCzIG2rKp%2Fuploads%2Fgit-blob-da361ef3e4f784548abccbd19f49f269306df0b7%2Ftokens-and-keys-list.png?alt=media) #### How to add API keys 1. In the **Principals** > **Tokens** section of the Admin UI, click **Add API key**. 2. On the **Create API Key** page that displays, enter a name, determine when the credentials expire, and specify the scope of permissions. ![](https://79757147-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4XOJmXFslCMVCzIG2rKp%2Fuploads%2Fgit-blob-88b6bffa4dbe298d37c5cb5013347824971e8ad8%2Fcreate-api-key.png?alt=media) 3. Click **Create**. 4. Save the set of access and secret keys that are shown. #### Clone keys Cloning creates a new pair of keys with the same set of permissions as the original set. #### Delete keys Once deleted, API keys are instantly invalidated, preventing any further API requests from being made. {% hint style="info" %} API credential rotation is not currently available. {% endhint %} ### How to Use Keys StrongDM has four language-specific SDKs and a Terraform provider. The following SDKs contain more information on the respective options. * [Python](https://github.com/strongdm/strongdm-sdk-python) * [Go](https://github.com/strongdm/strongdm-sdk-go) * [Java](https://github.com/strongdm/strongdm-sdk-java) * [Ruby](https://github.com/strongdm/strongdm-sdk-ruby) * [Terraform](https://github.com/strongdm/terraform-provider-sdm) ### What About the CLI? The StrongDM CLI remains a convenient way of managing StrongDM resources with your user credentials. Please see the [CLI reference](https://docs.strongdm.com/references/cli) docs for more information about the CLI. ### API Keys Created by Suspended Users What happens to API keys that are owned by a suspended user? API keys are still usable even if the user who created them is suspended. When suspending a user, the Admin UI lists the API keys created by that user and asks if they should be deleted. Select **No** to keep them. After confirming suspension, you can see in the **Principals** > **Tokens** page that the API keys continue to be owned by the suspended user. Because API keys are a public/private pair, new keys need to be created and the old keys need to be deleted when any automation systems use the new keys. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/references/api/api-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.