Manage API keys
Harness APIs use API keys to authenticate requests. You can create API keys for your personal account or for service accounts. API keys can be created at any scope.
After creating an API key, you must add tokens to the key, and then you use the tokens in your API requests or where ever else you need to supply an API key for authentication. Each API key can have multiple tokens.
Keys and tokens inherit the permissions of the account they are created under. If you create an API key under your personal account, then the key and tokens have the same permissions as your account. If you create an API key under a service account, then the key and tokens have the same permissions as the service account. You must be an Account Admin (or equivalent) to create service accounts and API keys for service accounts.
Create personal API keys and tokens
Use these steps to create an API key and personal access token (PAT) for your personal Harness account.
Go to your user profile in Harness.
Under My API Keys, select API Key.
Enter a Name for the API key. Description and Tags are optional.
Select Save to create your API key.
Select Token under your new API key.
Enter a Name for the token. Description and Tags are optional.
If you want to set an expiration date for the token, select Set Expiration Date and enter an expiration date in
mm/dd/yyyy
format.Select Generate Token and copy the token.
cautionThe token is only displayed once. Store the token somewhere secure that you can access when you make API requests.
Your API keys carry many privileges. Don't store them in publicly-accessible areas.
After rotating tokens make sure you always use the new token.
Create service account API keys and tokens
Use these steps to create an API key and service account token (SAT) for a service account. To do this, you must have the Account Admin role or another role that provides permissions to View, Create/Edit, Manage, and Delete service accounts.
If you haven't done so already, create a Service Account. The API key and token inherit the permissions of the service account they are associated with; therefore, make sure the service account has the necessary permissions.
In Harness, select Account Settings, and then select Access Control.
Select Service Accounts in the header, and then select the service account for which you want to create an API key.
Under API Keys, select API Key.
Enter a Name for the API key. Description and Tags are optional.
Select Save to create the API key.
Select Token under the new API key.
Enter a Name for the token. Description and Tags are optional.
If you want to set an expiration date for the token, select Set Expiration Date and enter an expiration date in
mm/dd/yyyy
format.Select Generate Token and copy the token.
cautionThe token is only displayed once. Store the token somewhere secure that you can access when you make API requests.
API keys carry many privileges. Don't store them in publicly-accessible areas.
After rotating tokens make sure you always use the new token.
Edit API keys
Use these steps to edit the name, description, or tags for an API key. To edit tokens under API keys, go to edit tokens and rotate tokens.
- Edit personal API keys
- Edit service account API keys
- Go to your user profile in Harness.
- Under My API Keys, select More Options (⋮) next to the key you want to edit, and then select Edit.
- You can edit the name, description, and tags. You can't edit the Id.
- Select Save.
- In Harness, select Account Settings, and then select Access Control.
- Select Service Accounts in the header, and then select the service account for which you want to edit an API key.
- Select More Options (⋮) next to the key you want to edit, and then select Edit.
- You can edit the name, description, and tags. You can't edit the ID.
- Select Save.
Edit tokens
Use these steps to edit the name, description, tags, and expiration dates of tokens under API keys. You can also rotate tokens.
- Edit personal access tokens
- Edit service account tokens
- Go to your user profile in Harness.
- Under My API Keys, expand the token that you want to edit, select More Options (⋮), and then select Edit.
- You can edit the name, description, tags, and expiration date. You can't edit the Id or the token's value.
- Select Save.
- In Harness, select Account Settings, and then select Access Control.
- Select Service Accounts in the header, and then select the service account for which you want to edit a token.
- Select the API key that has the token you want to edit.
- Select More Options (⋮) next to the token you want to edit, and then select Edit.
- You can edit the name, description, tags, and expiration date. You can't edit the ID or the token's value.
- Select Save.
Rotate tokens
As a security best practice, rotate tokens periodically. You can rotate tokens in Harness for symmetric encryption.
- Rotate personal access tokens
- Rotate service account tokens
- Go to your user profile in Harness.
- Under My API Keys, expand the token that you want to rotate, select More Options (⋮), and then select Rotate Token.
- If you want to set an expiration date for the token, select Set Expiration Date and enter an expiration date in
mm/dd/yyyy
format. - Select Rotate Token and copy the token.
- In Harness, select Account Settings, and then select Access Control.
- Select Service Accounts in the header, and then select the service account for which you want to rotate a token.
- Select the API key that has the token you want to rotate.
- Select More Options (⋮) next to the token you want to rotate, and then select Rotate Token.
- If you want to set an expiration date for the token, select Set Expiration Date and enter an expiration date in
mm/dd/yyyy
format. - Select Rotate Token and copy the token.
The token is only displayed once. Store the token somewhere secure that you can access when you make API requests.
API keys carry many privileges. Don't store them in publicly-accessible areas.
After rotating tokens make sure you always use the new token.
Delete API keys
Use these steps to delete an API key and all of its tokens. To delete individual tokens under API keys, go to delete tokens.
- Edit personal API keys
- Edit service account API keys
- Go to your user profile in Harness.
- Under My API Keys, select More Options (⋮) next to the key you want to delete, and then select Delete.
- In Harness, select Account Settings, and then select Access Control.
- Select Service Accounts in the header, and then select the service account for which you want to delete an API key.
- Select More Options (⋮) next to the key you want to delete, and then select Delete.
Delete tokens
- Delete personal access tokens
- Delete service account tokens
- Go to your user profile in Harness.
- Under My API Keys, expand the token that you want to delete, select More Options (⋮), and then select Delete.
- In Harness, select Account Settings, and then select Access Control.
- Select Service Accounts in the header, and then select the service account for which you want to delete a token.
- Select the API key that has the token you want to delete.
- Select More Options (⋮) next to the token you want to delete, and then select Delete.