The API Key Management section in Settings allows you to securely create, manage, and revoke API keys used to integrate Qevlar services into your workflows.
Adding a New API Key
- Click Add Key to generate a new API key.
- Keys are automatically:
- Generated securely by the platform
- Valid for 1 year from the time of creation
- Each key is displayed in the Active API Keys table along with:
- Date Added
- Expiry Date
- Optional Comment (to note purpose, system, or owner)
Managing API Keys
In the Active API Keys table, you can:
- Reveal/Hide the full key for secure use
- Copy the key to your clipboard
- Edit comments to update or clarify usage
- Delete (Revoke) a key if it’s no longer needed
Revoking an API Key
Revoking an API key will:
- Immediately disable the key
- Cut off all access for any systems or users relying on it
warning
This action is permanent and cannot be undone. If a system requires continuous access, generate a new key and update it before revoking the old one.
Best Practices
- Rotate keys regularly for security (before the 1 year expiration).
- Use comments to label keys clearly (e.g., “SIEM integration” or “Automation script”).
- Revoke keys immediately if a system is decommissioned or a user leaves your organization.
- Treat your API key like a password: do not share it and store it securely.