API Keys

When making programmatic calls to the Gremlin API, instead of using your own account profile with your username password credentials, you can leverage team-level API keys. This is akin to having a "service account" in other software products.

To create a new API key

• Go to Company Settings.
• Select your Team.
• Select the API Keys tab.
• Click New API Key button.
• Give your key a unique name and an optional description.
• Click save, and copy your key content for use.

To revoke and reinstate an API Key

• Before you begin, confirm that you have stopped using the API Key.
• Go to Company Settings.
• Select your Team.
• Select the API Keys tab.
• Hover over the 3 dots to the right of your API Key.
• Select Revoke Key or Reinstate Key in the popup.
• If you are revoking a key, confirm by clicking the Revoke button.

Usage

Instead of using a Bearer token, provide the key content in the Authorization Header, prefixed with Key.

1Authorization: Key f02868098b13e4f68da82b0c5e5c950ea750fce53c62d982cdab0c61099e5f98

See Creating Attacks for examples of creating an attack via the API.

Limit

There is a limit of 5 active API Keys per team.

Access

API keys have access levels equivilant to a Company User and Team User for the company and team that the API key was created under.