Service access keys (tenant-level)

Nearly all SBS services require authorization at tenant level, through a service access key (SAK). You can create and manage such service access keys either from the graphical user interface of the SBS Console (Web UI), or programmatically from GraphQL.

To generate a service access key, the following prerequisites must be in place:

the application for which you are generating the key must exist in your SBS account. See also Create an application.
the tenant for which you are generating the key must exist in your SBS account. See also Create a tenant.

For an introduction to the SBS account, application, and tenant concepts, refer to the Getting Started tutorial.

Generate a service access key

To generate a service access key:

Sign in to the SBS Console.
In the left-hand side navigation menu, click Tenants.
Click the tenant for which you would like to generate the key.
Click the Add button in the top-right corner of the service access keys table. A dialog box appears.
Under Applications, select the application for which you are generating the key.
Optionally, enter a key description.
Optionally, assign a role to the key. The roles available for selection are the ones that were previously created from the Roles page.
Optionally, under Scope, enter the extent of permissions available to the bearer of this key. For details, see Scope editor.

CAUTION: The access rights of a service access key are determined by its Role and Scope attributes. If no Role or Scope is defined, the key has full-access rights. If Role is present but Scope is not, the key has the permissions defined in the role. If Scope is present but Role is not, the key has the permissions defined in the scope. If both Role and Scope are present, the key has the aggregated set of permissions of both.

Click Generate Service Access Key. The key is generated and the dialog box remains open.
Click Show Secret Key and copy the private key value. You can now use this value in the x-api-key header when accessing a relevant SBS service.

Update a service access key

To update the description, role, and scope of a service access key:

Sign in to the SBS Console.
In the left-hand side navigation menu, click Tenants.
Click a tenant to see the available service access keys in the right pane.
Click the Edit button next to the key that you want to update. A dialog box appears.
Change the role, scope or description of the key as required.

Click Save.

Delete a service access key

To delete a service access key:

Sign in to the SBS Console.
In the left-hand side navigation menu, click Tenants.
Click a tenant to see the available service access keys in the right pane.
Click Delete next to the key you want to delete.

CAUTION: Deleting a key removes access to the API to all bearers of the respective key.

GraphQL

You can also generate, update and delete service access keys programmatically from GraphQL. For details, see the Account API Reference, and, in particular, the following mutations:

Create a tenant Deny service access

SBS Accounts

Applications

Tenants

Portal Users

Roles

Service access keys (tenant-level)

Generate a service access key

Update a service access key

Delete a service access key

GraphQL

Read more