Orchestrator > Orchestrator Server > Users & Authentication > API Keys
Use this page to allow your applications to utilize REST APIs without session authentication and management. You can specify permissions, status, name, and IP allow list for your API keys.
An API key can be passed either in the HTTP request header field X-Auth-Token or as a query parameter apiKey.
NOTE: It is recommended to use different keys for different applications and users.
To add and define a new API key, click the Edit icon and configure the fields below.
|Key Name||Name of the key you are creating.|
|Key||Text you cut, paste, and insert into your client code.|
|Permission||Read-Only or Read-Write.|
|Description||Enter details in this field that describe the purpose of the key you are configuring.|
|Expiration||Set the expiration date if you want a certain application or script to access the key for a fixed amount of time.|
|Active||To display if the key is active or inactive, select Yes or No.|
|IP Allow List||Filters traffic to your private resources through this specified IP range. Traffic is able to pass through with the IP addresses defined in this field.|