Generate a service access key

Nearly all of the SBS services require authorization through a service access key (SAK).

You can generate a service access key either from the graphical user interface of the SBS Console (Web UI), or programmatically from GraphQL.

To generate a service access key, the following prerequisites must be in place:

• the application for which you are generating the key must exist in your SBS account.
• the tenant for which you are generating the key must exist in your SBS account.

For an introduction to the SBS account, application, and tenant concepts, refer to the Getting Started tutorial.

Web UI

To generate a service access key through the Web UI:

1. Sign in to the SBS Console.

2. In the left-hand side navigation menu, click Tenants.

3. Click the tenant for which you would like to generate the key.

4. Click the Add button in the top-right corner of the service access keys table. A dialog box appears.

5. Under Applications, select the application for which you are generating the key.

6. Optionally, enter a key description.

7. Optionally, assign a role to the key. The roles available for selection are the ones that were previously created from the Roles page.

8. Optionally, under Scope, enter the extent of permissions available to the bearer of this key. For details, see Scope editor. Note that, if you leave the scope unset, the key bearer will be granted full access to all APIs that require a tenant-level security access key (for the selected app and tenant).

   

9. Click Generate Service Access Key. The key is generated and the dialog box remains open.

10. Click Show Secret Key and copy the private key value. You can now use this value in the x-api-key header when accessing a relevant SBS service.

    

GraphQL

You can also generate a service access key programmatically from GraphQL. For details, see the generateServiceAccessKey mutation of the Account API.