API key management | Kontent.ai Learn

API key overview

Delivery API keys

Delivery API keys are shared between all Project managers on the project. Use Delivery API keys to retrieve content from Delivery REST API and Delivery GraphQL API in two ways:

Get published content from environments with secure access enabled. If secure access is disabled, you don’t need an API key because your content is publicly accessible.
Preview the latest content from environments. You always need an API key to preview content.

Check the Delivery API reference for more details about Delivery API keys.

Management API keys

Management API keys, also called personal API keys, are unique to each Kontent.ai user. Whenever you make a content change via API using your personal API key, the change is tied to your user account and can be viewed in the version history or audit log. Use the personal API keys to manage your project’s environment and its content via Management API. For example, to perform content migrations or integrate with third-party services. Check the Management API reference for more details about Management API keys.

Who can manage API keys?

Project managers can manage all API keys created in all project environments.

For Delivery API keys, this means project managers can view the API key value, change the API key configuration, or revoke the API key.
For Management API keys, which are personal to each user, project managers can only revoke the personal API keys without the ability to view the API key value.

Other users can view Delivery API keys only if any of the API keys are shared with them. Users with the Create a personal API key permission (and project managers) can create their own personal API keys for using Management API. Only the owners of the personal API keys can view the API key’s value.

Manage API keys

To create and manage your API keys, you need to go to your project’s settings.

In Kontent.ai, click the left drop-down at the top to open a list of projects.
For the project you want to manage, click .

Then in Project settings > API keys, you can manage existing API keys and create new ones for specific environments in your project. The list of API keys shows you all the API keys you have permission to access.

Create Delivery API keys

You can create as many Delivery API keys as you need. For example, you can have a Delivery API key for previewing content and another API key for getting published content.

On the Delivery API keys tab, click Create Delivery API key.
In Expiration date, choose when you want the API key to expire.
In Name, type the name of the API key.
(Optional) In Users with access to this API key, allow specific users to view and copy the API key.
In Delivery API access, select what kind of content can be read with the API key.
- To get published content from environments with secure access enabled, select Secure access.
- To preview the latest content, select Content preview.
(Optional) In Limitations, you can adjust the API key scope to specific environments.
Click Save changes.
In the API key field, copy the API key’s value using .

Create Management API keys

Users can create a single personal API key for making Management API requests. The personal API key dynamically inherits the current permissions of the API key owner. Personal API keys cannot be renamed. The name follows the pattern User Name's key. For example, Joe Daxner's key.

On the Management API keys tab, click Create Management API key.
In Expiration date, choose when you want the API key to expire.
Click Save changes.
In the API key field, copy the API key’s value using .

Set API key expiration

The default and recommended API key expiration lengths differ for Delivery API and Management API.

For Management API keys, the default expiration length is six months. The expiration length can vary from 1 minute to 2 years.
For Delivery API keys, the default expiration length is one year. The expiration length can vary from 1 minute to 5 years.

Before the API keys expire, Project managers and API key owners receive email reminders.

Revoke API keys

If you suspect unauthorized API key usage, you need to switch to a new API key in your apps and revoke the old API key. For example, when a user leaves your company. When you revoke an API key, the API key becomes invalid and is removed from the list of API keys. The revocation process can take up to a couple of minutes. Any requests made with a revoked API key end with the 401 Unauthorized error.

In Project settings > API keys.
On either the Delivery API keys or Management API keys tab, choose an API key to view its details.
Click Revoke.
In the confirmation dialog, click Revoke.

Regenerate API keys

We recommend regenerating the API keys when users are removed from the project’s environment or subscription. For example, depending on the user’s access level, you might want to regenerate the shared Delivery API keys. When you regenerate your API key, the API key is revoked after a few minutes, and you get a new API key immediately.

In Project settings > API keys.
On either the Delivery API keys or Management API keys tab, choose an API key to view its details.
Click Regenerate.