# Generate API Keys

The StrongDM API allows for programmatic management of users, permissions, and resources within an organization.

### API Credentials

To use the StrongDM API, you need an API `access` key and `secret` key. These keys authorize every request when managing objects with the API, so please keep them safe.

The API access key is a hex string in the format `auth-0123abcd`, and the secret portion of the key is a string (for example, `1aBC23dEfgHiJklMnoPqr+stUVwxyz123ABC4dEFGhi1JKL/MNoPQR2S==`).

{% hint style="info" %}
The format of API access keys used to be a long Base64-encoded string. Existing API keys in the old format are unaffected, and the format of the secret portion of the key remains the same.
{% endhint %}
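Because the key formats above are regular, they can be scanned for in configuration files or commits before those leave a workstation. The following is an added example, not StrongDM code. The minimum lengths in the patterns and the variable names in the sample are assumptions, and it covers only the current `auth-` access key format, not the older Base64 one.

```python
import re

# Assumption: "auth-" plus at least 8 lowercase hex digits. The page gives
# `auth-0123abcd` as the format but does not state a length.
ACCESS_KEY_RE = re.compile(r"\bauth-[0-9a-f]{8,}\b")
# Assumption: the secret is a run of 40+ Base64-alphabet characters with
# optional "=" padding (the page shows one example, not a length).
SECRET_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{40,}={0,2}")


def redact(value, keep):
    """Keep `keep` leading characters for lookup and mask the rest."""
    return value[:keep] + "********"


def scan(text, window=1):
    """Return (line_no, kind, redacted_value) findings for key material.

    A long Base64-looking run alone is too noisy (hashes, blobs), so a
    secret is reported only within `window` lines of an access key.
    """
    lines = text.splitlines()
    key_lines = [i for i, l in enumerate(lines) if ACCESS_KEY_RE.search(l)]
    findings = []
    for i, line in enumerate(lines):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((i + 1, "access_key", redact(m.group(), 9)))
        if any(abs(i - k) <= window for k in key_lines):
            # Blank out access keys so a long hex ID is not reported twice.
            rest = ACCESS_KEY_RE.sub(" ", line)
            for m in SECRET_RE.finditer(rest):
                findings.append((i + 1, "secret_key", redact(m.group(), 0)))
    return findings


# Constructed sample; variable names are hypothetical, key values are the
# documentation placeholders from this page.
SAMPLE = """\
# deploy.env
BUILD_SHA=3f786850e387550fdab836ed7e6dc881de23001b3f786850e387550f
REGION=us-west-2

ACCESS_KEY=auth-0123abcd
SECRET_KEY=1aBC23dEfgHiJklMnoPqr+stUVwxyz123ABC4dEFGhi1JKL/MNoPQR2S==
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The secret is fully masked in findings so that scanner output can be stored in CI logs without itself leaking the key.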

From the Admin UI's **Principals** > **Tokens** section, you can view, add, clone, and delete API keys.

![](https://79757147-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4XOJmXFslCMVCzIG2rKp%2Fuploads%2Fgit-blob-da361ef3e4f784548abccbd19f49f269306df0b7%2Ftokens-and-keys-list.png?alt=media)

#### How to add API keys

1. In the **Principals** > **Tokens** section of the Admin UI, click **Add API key**.
2. On the **Create API Key** page that displays, enter a name, determine when the credentials expire, and specify the scope of permissions. ![](https://79757147-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4XOJmXFslCMVCzIG2rKp%2Fuploads%2Fgit-blob-88b6bffa4dbe298d37c5cb5013347824971e8ad8%2Fcreate-api-key.png?alt=media)
3. Click **Create**.
4. Save the set of access and secret keys that are shown.

#### Clone keys

Cloning creates a new pair of keys with the same set of permissions as the original set.

#### Delete keys

Once deleted, API keys are instantly invalidated, preventing any further API requests from being made.

{% hint style="info" %}
API credential rotation is not currently available.
{% endhint %}

### How to Use Keys

StrongDM has four language-specific SDKs and a Terraform provider. The following repositories contain more information on the respective options.

* [Python](https://github.com/strongdm/strongdm-sdk-python)
* [Go](https://github.com/strongdm/strongdm-sdk-go)
* [Java](https://github.com/strongdm/strongdm-sdk-java)
* [Ruby](https://github.com/strongdm/strongdm-sdk-ruby)
* [Terraform](https://github.com/strongdm/terraform-provider-sdm)

### What About the CLI?

The StrongDM CLI remains a convenient way of managing StrongDM resources with your user credentials. Please see the [CLI reference](https://docs.strongdm.com/references/cli) docs for more information about the CLI.

### API Keys Created by Suspended Users

What happens to API keys that are owned by a suspended user? API keys are still usable even if the user who created them is suspended.

When suspending a user, the Admin UI lists the API keys created by that user and asks if they should be deleted. Select **No** to keep them.

After confirming suspension, you can see on the **Principals** > **Tokens** page that the API keys continue to be owned by the suspended user. Because API keys are a public/private pair, replacing them means creating new keys and deleting the old keys once any automation systems use the new keys.
