Differences

This shows you the differences between two versions of the page.

--- devops:monitoring:datadog:api_and_application_keys [2025/02/14 09:33] – created 85.219.17.206
+++ devops:monitoring:datadog:api_and_application_keys [2025/02/14 09:38] (current) – 85.219.17.206
@@ Line 1: / Line 1: @@
-API and Application Keys
+====== API and Application Keys ======
-Docs >  Account Management >  API and Application Keys
-API keys
+===== API keys =====
 API keys are unique to your organization. An API key is required by the Datadog Agent to submit metrics and events to Datadog.
-Application keys
+===== Application keys =====
 Application keys, in conjunction with your organization’s API key, give users access to Datadog’s programmatic API. Application keys are associated with the user account that created them and by default have the permissions and scopes of the user who created them.
@@ Line 15: / Line 17: @@
 Notes:
-    Users or service accounts with permissions to create or edit application keys can scope application keys. A user must have the user_app_keys permission to scope their own application keys, or the org_app_keys_write permission to scope application keys owned by any user in their organization. A user must have the service_account_write permission to scope application keys for service accounts.
+Users or service accounts with permissions to create or edit application keys can scope application keys. A user must have the user_app_keys permission to scope their own application keys, or the org_app_keys_write permission to scope application keys owned by any user in their organization. A user must have the service_account_write permission to scope application keys for service accounts.
-    Application owners cannot authorize an application if they are missing any required permissions, even if they scope an application key with authorization scopes that they do not have.
-    Errors due to missing permissions when writing application keys or authorizing applications will display a 403 Forbidden error. More information about various error responses can be found in the Datadog API documentation.
+Application owners cannot authorize an application if they are missing any required permissions, even if they scope an application key with authorization scopes that they do not have.
-    If a user’s role or permissions change, authorization scopes specified for their application keys remain unchanged.
+Errors due to missing permissions when writing application keys or authorizing applications will display a 403
+Forbidden error. More information about various error responses can be found in the Datadog API documentation.
+If a user’s role or permissions change, authorization scopes specified for their application keys remain unchanged.
+===== Client tokens =====
-Client tokens
 For security reasons, API keys cannot be used to send data from a browser, mobile, or TV app, as they would be exposed client-side. Instead, end user facing applications use client tokens to send data to Datadog.
@@ Line 26: / Line 34: @@
 Several types of clients submit data that requires a client token, including the following examples:
-    The log collectors for web browser, Android, iOS, React Native, Flutter, and Roku submit logs.
+  *     The log collectors for web browser, Android, iOS, React Native, Flutter, and Roku submit logs.
-    Real User Monitoring applications submit events and logs.
+  *     Real User Monitoring applications submit events and logs.
 Client tokens are unique to your organization. To manage your client tokens, go to Organization Settings, then click the Client Tokens tab.
@@ Line 36: / Line 44: @@
 To add a Datadog API key or client token:
-    Navigate to Organization settings, then click the API keys or Client Tokens tab.
+  *  Navigate to Organization settings, then click the API keys or Client Tokens tab.
-    Click the New Key or New Client Token button, depending on which you’re creating.
+  *  Click the New Key or New Client Token button, depending on which you’re creating.
-    Enter a name for your key or token.
+  *  Enter a name for your key or token.
-    Click Create API key or Create Client Token.
+  *  Click Create API key or Create Client Token.
 Navigate to the API Keys page for your organization in Datadog
@@ Line 45: / Line 53: @@
 Notes:
-    Your org must have at least one API key and at most 50 API keys.
+  * Your org must have at least one API key and at most 50 API keys.
-    Key names must be unique across your organization.
+  * Key names must be unique across your organization.
-    Newly created API keys typically take a few seconds to become valid.
+  * Newly created API keys typically take a few seconds to become valid.
+===== Remove API keys or client tokens =====
-Remove API keys or client tokens
 To remove a Datadog API key or client token, navigate to the list of keys or tokens, and click the trash can icon with Revoke next to the key or token you want to remove.
@@ Line 59: / Line 68: @@
 Notes:
-    Application key names cannot be blank.
+  *  Application key names cannot be blank.
-    Newly created Application keys typically take a few seconds to become valid.
+  *  Newly created Application keys typically take a few seconds to become valid.
-Remove application keys
+===== Remove application keys =====
 To remove a Datadog application key, navigate to Organization Settings > Application Keys. If you have the permission to create and manage application keys, you can see your own keys and click Revoke next to the key you want to revoke. If you have the permission to manage all org application keys, you can search for the key you want to revoke and click Revoke next to it.
@@ Line 71: / Line 80: @@
 Notes:
-    Scope names are case-sensitive.
+  *  Scope names are case-sensitive.
+===== Using multiple API keys =====
-Using multiple API keys
 Consider setting up multiple API keys for your organization. For example, use different API keys for each of your various deployment methods: one for deploying an Agent on Kubernetes in AWS, one for deploying it on prem with Chef, one for Terraform scripts that automate your dashboards or monitors, and one for developers deploying locally.
@@ Line 80: / Line 90: @@
 If your organization needs more than the built-in limit of 50 API keys, contact Support to ask about increasing your limit.
-Disabling a user account
+===== Disabling a user account =====
 If a user’s account is disabled, any application keys that the user created are revoked. Any API keys that were created by the disabled account are not deleted, and are still valid.
@@ Line 94: / Line 106: @@
 Note: Revoking an active key may cause an impact to your services. If the scope of usage is large or undetermined, consider steps 2-5 before revoking the affected key.
-    Revoke the affected key.
+  *   Revoke the affected key.
-    Remove code containing the private key from any publicly accessible files:
+  *     Remove code containing the private key from any publicly accessible files:
-        Publish the sanitized file to your public repository.
+  *         Publish the sanitized file to your public repository.
-        Remove the sensitive data from your commit history.
+  *         Remove the sensitive data from your commit history.
-    Create a new key.
+  *     Create a new key.
-    Update affected services with the new key.
+  *     Update affected services with the new key.
-    Review your account for any unapproved access:
+  *     Review your account for any unapproved access:
-        Users that have been recently added
+  *         Users that have been recently added
-        New resources
+  *         New resources
-        Roles or permission changes
+  *         Roles or permission changes
 If any unusual activity is identified, or you need additional help securing your account, contact Datadog support.