API keys enable you to power custom connections with Workbench through Workbench API. To organize your API keys, use service accounts. 

Note

Each service account can contain multiple API keys. The role and restrictions of a service account apply to all API keys assigned to this account.

Note

To manage service accounts and API keys, you need administrator permissions.

To learn how to use the Expel API, see the Workbench API documentation.

Managing service accounts

In this section, you can learn how to do the following:

Create a service account

  1. In Workbench, click Organization Settings > Service Accounts.

  2. In the upper right corner, click Add Service Account.

    Screenshot with the Add Service Account button shown
  3. In the Add Service Account dialog box, do the following:

    1. In Service account name, type the name of your new service account.

    2. From Workbench service account role, select a role.

      • Organization Admin can access all the API calls in Workbench.

      • Organization Analyst can perform tasks like marking investigative actions as complete, but can’t perform administrative tasks, like adding users.

      Note

      For each role, you can make the API key read-only.

    3. To create a read-only service account, click the Read-only Access checkbox.

      Screenshot of the Add Service Account dialog box
  4. Click Save.

    You can now create API keys under your new service account.

    An example new active service account

Edit a service account

  1. In Workbench, click Organization Settings > Service Accounts.

  2. Find the service account you want to edit.

  3. To the right of Generate API Key, click the arrow and click Edit.

    Active service account with the "Edit" dropdown option visible
  4. In the Edit Service Account dialog box, do any of the following:

    • In Service account name, change the name of the service account.

    • From Workbench service account role, select a role.

      • Organization Admin can access all the API calls in Workbench.

      • Organization Analyst can perform tasks like marking investigative actions as complete, but can’t perform administrative tasks, like adding users.

      Note

      When you change the role of a service account, this role changes for all associated API keys.

    • Change the read-only settings.

    Edit Service Account dialog box
  5. Click Save.

Disable a service account

  1. In Workbench, click Organization Settings > Service Accounts.

  2. Find the service account you want to disable.

  3. To the right of Generate API Key, click the arrow and click Disable.

    Active service account with the "Disable" dropdown option visible

    The account and all associated API keys are disabled.

Enable a disabled service account

  1. In Workbench, click Organization Settings > Service Accounts.

  2. Find the service account you want to enable.

  3. To the right of Generate API Key, click the arrow and click Enable.

    Disabled service account with the "Enable" dropdown option visible

    The account and all associated API keys are enabled.

Delete a service account

Caution

You can’t restore a deleted service account.

Caution

Deleting a service account also deletes all associated API keys.

  1. In Workbench, click Organization Settings > Service Accounts.

  2. Find the service account you want to delete.

  3. To the right of Generate API Key, click the arrow and click Delete.

    Active service account with the "Delete" dropdown option visible

    The account and all associated API keys are deleted.

Managing API keys

With service accounts, you can access and manage API keys. In this section, you can learn how to do the following:

Create an API key

  1. To the right of a service account, click Generate API Key.

    An active service account and the Generate API key button
  2. In the API key name field, enter the name of your new API key, and click Next.

  3. From the Generate API Key dialog box, copy the API key and save it in a safe location.

    Caution

    When you finish the process and click Done, you can’t access this API key again.

  4. Click Done.

Delete an API key

Caution

You can’t restore a deleted API key.

Caution

Before deleting an API key, make sure it isn’t used by critical services or processes.

  1. Find the service account with the API key you want to delete.

    A screenshot of an API key name with a trash icon next to the name
  2. Next to the name of the API key, click the Trash icon.

  3. Click Delete.