Accessing Key Management

Preconditions

• User has access to the Workspace section.

Steps

1. Navigate to Workspace from the main menu.

2. Click on Keys to access the authentication keys section.

3. Use the search bar or filters to locate specific keys by:

   • Status

   • Authentication type

   • Associated APIs

   • Environment

   • Expiration date

   • Other relevant dates

   • Free-text search

Post-conditions

• The user can view and manage authentication keys based on applied filters.

Creating and Assigning Authentication Keys

Preconditions

• The application is initiating a new subscription to an API.

Steps

1. Open the API Catalog from the main menu.

2. Select the desired API and click Subscribe.

3. A Key Set is automatically generated and linked to the application.

4. If a valid existing Key Set (same app, environment, auth type, and policy) exists, it is reused.

5. The default Key Set name is generated using the authentication type and application name.

Post-conditions

• The application is associated with an authentication key for the selected API.

Key Set Management Rules

Preconditions

• The user initiates a subscription for an API with an authentication policy.

Steps

1. A Key Set is generated for each authentication type of the subscribed API.

2. The Key Set’s policy is based on the API’s assigned Policy Template.

3. A Key Set is reused if:

   • It is linked to the same consumer application, environment, and auth type.

   • Its policy matches the one required by the API.

   • It is still valid (not expired or revoked).

Post-conditions

• A new or reused Key Set is associated with the Subscription, ensuring compliance with policy rules.

Viewing Key Set Details

Preconditions

• The user navigates to Workspace > Keys.

Steps

1. Select a Key Set from the list.

2. The details view displays:

   • Key status (Pending, Active, Suspended, Revoked, Expired)

   • Authorized APIs and related Subscriptions

   • Policy info (expiration, rotation)

   • Lifecycle and event milestones

3. Click Retrieve Credentials to view the key values.

Post-conditions

• The user can inspect all details of the selected Key Set.

Tips

• “LATEST” identifies the most recently generated key.

• Permissions for each action are based on roles (see Admin Functionality → Roles).

• The event milestone timeline shows:

  • Provisioning date (if activated)

  • Rotation/expiration dates (if defined in the policy)

  • Any delay compared to scheduled events

• The "Authorized APIs" tab shows only APIs relevant to the environment and authentication.

• The API name links to its catalog page.

• Subscriptions can be inspected individually.

• You can filter by organization and group.

Suspending and Reactivating a Key Set

Suspending a Key Set

Preconditions

• The Key Set is in Active state.

Steps

1. Open the Key Set details page.

2. Click Suspend.

3. The status updates to Suspended.

Post-conditions

• The key is disabled; API calls using this key will return an error.

Tips

• If suspension fails, the action can be retried.

• Credentials may still be visible based on permissions.

• Suspending an application automatically suspends all associated Key Sets.

Reactivating a Key Set

Preconditions

• The Key Set is currently suspended.

Steps

1. Open the Key Set details page.

2. Click Activate.

3. The status updates to Active.

Post-conditions

• The key is re-enabled for API authentication.

Tips

• Action requires appropriate user role.

• Reactivating an application also reactivates all related Key Sets.

Manual Key Set Regeneration

Preconditions

• The policy assigned to the Key Set allows manual regeneration.

Steps

1. Select the Key Set from Workspace > Keys.

2. Confirm that Manual Regeneration is enabled in its policy.

3. Click Regenerate Key.

4. The previous key is revoked; a new key is issued.

Post-conditions

• A new key is available and linked to the application.

• The old key is permanently disabled.

Tips

• The new key is Suspended if the old one was suspended.

• Regeneration is only available for the LATEST key.

• Timeline is updated with:

  • Revocation date

  • New expiration/rotation dates (if applicable)

Automatic Key Rotation

Preconditions

• The Key Set’s policy includes automatic rotation.

Steps

1. Open the Key Set details page.

2. Confirm rotation is configured in the event milestone section.

3. As the scheduled date approaches, the system auto-generates a new key.

Post-conditions

• The new key replaces the old one without manual intervention.

Tips

• The timeline shows both scheduled and actual rotation dates.

• The new key state (Active or Suspended) depends on the previous one.

• If rotation and expiration are on the same day, rotation takes precedence.

Automatic Key Expiration

Preconditions

• The Key Set’s policy includes expiration.

Steps

1. Open the Key Set details page.

2. Check the expiration schedule in the timeline.

3. At the configured time, the system marks the key as expired.

Post-conditions

• The key is invalidated and no longer usable for API access.

Tips

• The timeline shows both planned and actual expiration dates.

• If expiration coincides with a scheduled rotation, rotation takes priority.

Permanent Key Set Revocation

Preconditions

• The Key Set must be Active or Suspended.

Steps

1. Select the Key Set.

2. Click Revoke Key.

3. Confirm the action.

Post-conditions

• The key is revoked and permanently disabled for use.

Tips

• Roles and permissions must allow this action (see Admin Functionality → Roles).

• The event timeline is updated with the revocation date.