Only Administrators can manage API keys.

Create an API key

  1. Click System > API Keys > New API Keys.
  2. Choose Generate key pair or Upload existing public key:
    • Generate key pair (recommended): The browser generates an ES256 (ECDSA P‑256) key pair. The public key is uploaded automatically. The private key is generated only once in the browser. It should be downloaded and stored securely immediately. Automate MFT only stores the public key. The API user stores the private key locally and uses it to generate tokens to login and run APIs.
    • Upload existing public key: Upload a PEM public key created externally. ES256 is recommended. When uploading, additional algorithms such as RSA (2048+) and Ed25519 may also be accepted. Check the UI for the allowed options in your environment.
  3. Enter the Create an API key details:
    • Name: Provide a unique name (required).
    • Description: Optionally, add a description for context.
  4. On the IP Access tab, configure the network access controls (IP allowlists). This allow admins to restrict API access so that only calls originating from specific public IPs or CIDR ranges are accepted.
    • Tenant Selection: Tenant selection is defined on the System > Tenant settings page.
    • Manual Selection: Enter specific IP addresses and ranges.
    The default setting permits all access.

Edit an API key

  1. Select an API key from the list. Double-click or click the edit icon ().
  2. Edit the API key details.
  3. Click Save.

Delete an API key

  1. Select an API key from the list.
  2. Click the The more options menu () followed by Delete.
  3. Any integrations using this key will stop working immediately. Click Delete to confirm.