API Key Management

The AppSentinels API Security Platform enables seamless integration with third-party tools such as SIEM and SOAR through secure API access. To use these APIs, two levels of authentication are required:

API Key (Organization Level)

Scope: Organization-wide. Applies to all APIs across every application within the organization.

Purpose: Can be used to integrate with external systems like log aggregators, ticketing tools, or monitoring platforms.

Multiple Keys: You can create multiple API keys for different use cases, each with unique names and descriptions for easy identification.

How to Create an API Key:

Navigate to Organization → Settings → API Key Management → Create New Key

You will be prompted to:

Enter a Key Name
Define Allowed IP Addresses (e.g., restrict access to specific IPs or CIDR ranges; use 0.0.0.0/0 to allow all)
Provide a Key Description

API Keys List

Once created, API keys will appear in the API Keys Management table.

API Key values can be copied directly from this list for use in integrations. API Keys can be deleted from this table when they are no longer in use.

The API Key table includes the following columns:

Key Name
Description
Masked Key Value (with options to copy or reveal)
Allowed IP Addresses
Action (to delete)

User Key (Application Level)

Scope: Tied to a specific user and application.

Purpose: Adds user-level traceability and control on API usage.

How to Generate a User Key

Navigate to Application → Settings → My Settings → Generate Key

Using the API Keys in Requests

When calling AppSentinels APIs, include both keys in the headers:

        
          Header: apikey → API Key generated at the organization level

          Header: x-user-key → User Key generated for the specific application
          user

This dual-key approach ensures both organizational and user-level authentication and accountability.