New API Keys UI

Conversation Hub Product Updates
, , , ,
#1

I’m happy to announce that New Relic has just released a new UI to manage User API keys, Ingest license keys, and Ingest browser keys all in one place.

You can access the API Keys UI by navigating to Account Settings > API keys

User API keys can now be used for all of New Relic’s REST API and NerdGraph API endpoints, including those required for New Relic’s Terraform integration. And User API keys respect a user’s permissions that have been assigned, which makes them more flexible than any other type of key that New Relic provides.

Please note REST API keys and Admin User API keys will continue to work as before. If you’re still looking for the old API keys page for your REST API key or Admin API keys, you can click the links for “Admin User API keys” or REST API key on the right side of the page.

3 Likes
#2

This is great and will no doubt make API interactivity much simpler.

Does the User API key have the same level of access permission as an Admin User REST API key?

#3

@rishav.dhar Great question! Let me follow up on this with the team and I’ll try and get an update as soon as possible.

#4

This is a great addition especially having accounts that are single sign on accounts. I have noticed in the past that sso accounts, when it comes to user api key generation, were handled a bit different.

Couple of suggestions regarding this:

  • If possible, all API keys should be managed through a single location, I don’t see why we go up to three different locations based on what types of key we are generating.
  • Cloudflare has a very cool api key management interface that I think could be used here as well.
    ** Tools such as giving granular permissions to api keys, such as only being able to read, or only being able to write
    ** API keys where we can have them auto expire on a given date/time

Overall just having a one stop shop for api key management / licenses across all New Relic products.

#5

Hi @rishav.dhar - the User API key can now be used on all endpoints that an Admin API key could previously be used for AND all NerdGraph endpoints as well!

Additionally, the User API key respects the permissions and access a user has already been assigned. Admin API keys are “all or nothing” and don’t allow flexibility for a use case where a user should be able to manage some feature configuration but not all.

An example of how a User API key differs would be for a user with permissions to manage Synthetics monitors and no other configuration. That user could use their User API key to manage Synthetics monitor as well, but the key would be read only in regards to all other features.

We have more information on our Types of API Keys documentation.

2 Likes
#6

Hi @dkamenov - thanks for sharing examples of API key features that you’ve enjoyed using!

We are planning to move all of our keys to be available via NerdGraph and in this UI, but we’re not quite there yet.

I do have good news for you about being able to manage the level of access for API keys. User API keys do respect the level of permissions and access that the user has already been assigned. These are tied to users though, so there is not currently a way to create such a key independently of a user record. If you have any examples of products that do this in a way that you really enjoy, we’d love to hear about those!

1 Like
#7

Thanks for the clarification, @rknotts, much appreciated.

And I guess this ties in with the recent migration of Admin API keys to User API keys as well.