An API key is a secret code that you can use to identify yourself to CentraSite when you interact with API. You generate an API Key in by registering as consumer for the API, and then use the key in interactions with the specific API published to Mediator. Multiple interactions may be performed with the same API key.
The following sections describe the various operations (renew, revoke and delete) you can perform on the API key at the disposal of the API provider (owner of the API).
API keys have an expiration period, which is set by the API provider. After an API key is generated, sometimes the API consumer might have to renew the old key due to expiration or security concerns. The API provider can also change the expiration period for the API key or set it so that the key never expires. For more information, see the section Configuring the API Consumption Settings for API Key Authentication.
To request for renewal of an API key, the following prerequisites must be met:
API provider must have configured the predefined policy API Key Renewal, which enables the CentraSite Administrator, API Provider or
designated approvers to approve or reject the "Renew API Key"
requests. For information, see the section API Key Renewal Policy.
A target instance (for example, Mediator) should be up and running. For information on targets, see the section Run-Time Targets.
The consumer must be a registered consumer for the specified API. For more information on registering as consumers for an API, see Registering as a Consumer for an API.
To renew your API key
Log in to the CentraSite Business UI
Click the profile name in the navigation bar (at the top right of any page).
This displays the User Preferences page.
Display My API Keys.
This shows a list of all your API keys in CentraSite.
Click the 
icon to the right of the API key you wish to
renew.
Important:
If the API key has an unlimited expiration period, the
icon is NOT visible in the user
interface.
Sometimes you might have to require an approval to renew the API key. If your API has the Require Approval configured in the API Consumption Settings, CentraSite will not renew the API key until the required approvals are obtained. However, if an approval workflow is not configured for the API, the API key is renewed immediately. For more information about approval actions, see Working with Approval Workflows.
After renewing the API key, CentraSite automatically publishes the API to the Mediator, triggered by a Deploy Access Key action that is included in the API Key Renewal policy.
Once the API key renewal request is approved by the designated approvers, CentraSite sends an email message to the API consumer informing the new validity of API key.
The API consumer might want to revoke an API key if, for example, the key is no longer needed or if an error is found in the API.
To request for revocation of an API key, the following prerequisites must be met:
API provider must have configured the predefined policy API Key Revocation, which enables the CentraSite Administrator, API Provider or
designated approvers to approve or reject the "Renew API Key"
requests. For information, see the section API Key Revocation Policy.
A target instance (for example, Mediator) should be up and running. For information on targets, see the section Run-Time Targets.
To revoke your API key
Log in to the CentraSite Business UI.
Click the profile name in the navigation bar (at the top right of any page).
This displays the User Preferences page.
Display My Access Keys.
This shows a list of all of your API keys in CentraSite.
Click the 
icon to the right of
the API key you wish to revoke.
A confirmation message appears that the API key will be revoked.
Once the API key revocation is processed, CentraSite sends an email message to the API Consumer informing the request has been processed successfully.
For information about the email notifications for API key revocation, see the section Configuring the email notification for key revocation.
The API key consumer can delete API keys. Deleting an API key permanently removes the key from the CentraSite registry/repository. Deleting an API key will not remove the API that is associated with it.
When you delete an API key, CentraSite removes an entry for the API key (that is, it removes the instance of the API key from CentraSite's object database). Also note that:
An API key can only be deleted if it is already revoked.
You cannot delete an API key that is in the “pending” mode (example, awaiting a renew approval).
You must be a registered consumer for the specified API. For more information on registering as consumers for an API, see Registering as Consumers for an API.
To delete your API key
In CentraSite Business UI, display the details page for the API key that you want to delete. If you need procedures for this step, see the section Viewing the Details for an API.
On the API key’s actions menu, click
Delete (
).
When you are prompted to confirm the delete operation, click .
The API key is permanently removed from the CentraSite registry.
You can delete multiple API keys in a single step. The rules described above for deleting a single API key apply also when deleting multiple API keys.
Important:
If you have selected several API keys where one or more of
them are not already revoked, you can use the
button to delete the keys. However, as you are not allowed to delete unrevoked
keys, only key you have revoked will be deleted.
To delete multiple API keys in a single operation
In CentraSite Business UI, use either the Browse or Search feature to select a set of API keys you want to delete. If you need information on how to browse or search the CentraSite catalog, refer to the section Browsing the CentraSite Catalog or Searching the CentraSite Catalog in the document Managing the CentraSite Catalog.
Mark the checkbox next to the name of each API key you want to delete.
In the actions menu, click Delete
().
Note:
If one or more or the selected APIs is in pending mode (example,
awaiting approval), an error message will appear and no API keys will be
deleted.
