Some of my users created API Keys using their own personal accounts instead of the Service accounts. Now that we are locking down permissions, those users lack adequate permissions. Additionally if any of them leave the company and we close their account, things will obviously break.
Is there a way to move an API Key to a different account? This would make things much, much easier on my end. Rather than tracking down all these application settings, I could simply identify which users created their own keys, and then move those api keys to the service account.
Thanks for getting in touch! We don’t have first-class support for moving API keys around, only for creating and revoking them. Typically you would follow a process like this:
- Create a new API key for the correct Service Account with a helpful purpose
- Change you external service to use the new API key
- Revoke the old API key
If you really feel moving the API key is your best option, you could do this in the SQL Database directly however this activity will not be audited. You would change the
UserId for the appropriate API Key(s) to the Service User account’s Id.
Hope that helps!
Thanks Michael, this was exactly what I was looking for. Very much appreciate you outlining both methods for doing this.
I think my team is leaning towards just creating new key’s due to security/auditing.
Hi! I agree, that will be the best long-term option.
All the best, and hope it goes smoothly!