Generating an API key for programmatic access

Use the Roles page to generate an API key that allows you the programmatic access to the BMC Helix Capacity Optimization functionalities. You can use this key to authenticate the user to connect to the Helix Capacity Optimization Console when activating the custom ETL package using the ETL Development Kit (EDK), when installing the remote ETL Engine, or to call the public APIs.

To generate the API key

  1. Log in to the Helix Capacity Optimization Console.
  2. Select Administration > Users > Roles.
    The Roles page shows a summary table listing the currently defined user roles, their description, and the associated Helix SSO (local or integrated LDAP) groups as external names, if applicable.
  3. Click the role name for which you want to generate the API key. 
    The detail page for the selected role is displayed in the working area, listing all activities assigned to the role.
    To use the API key in the EDK, you need to generate the key using the role that has the CUSTOM_ETL_DEPLOYMENT activity assigned. To use the key to call the public APIs, generate the key using the role that has activities related to public APIs, for example, Enable read access to Chargeback API.

    role_generate_key.PNG
  4. Click Generate API key
  5. On the Generate API key page, set the expiration date for the API key that is being generated. The expiration date is the date when the API key will no longer be useful for authentication. The default expiration date is one month from the date of the API key generation. You can also choose to not set the expiration date.
  6. Click Generate. The credentials are encrypted and downloaded as the credentials.key file.

Contents of the credentials.key file

The credentials.key file contains the following:

  • COConsoleURL: The URL of the Helix Capacity Optimization Console from where you generated the API key.
  • Authorization: The authorization key. The token includes the role ID that generated the key, activities assigned to the role at the time of creation, and the expiration date of the key. After the key is generated, if there are any changes to the activities assigned to the role that generated the key, those changes will not be reflected in the already generated key. You can use this authorization key to make authenticated calls to any API. For more information, see Accessing-the-public-APIs.

Example of the credentials.key file

{

"COConsoleURL":"https://coconsole:8443",

"Authorization":"Bearer eyJ0eXGciO...iJSUzIJzdWIiOiJFVEwgRU...NTc0NjQ0MDB9.o86LJGIt5nK5cWOUOoDaf...MF3o4N9baGWlQ"

}

To revoke API keys

You can revoke all the generated API keys in the following scenarios:

  • You no longer need these keys.
  • You want to safeguard your environment against unauthorized access.

Revoking keys deactivates them at once, thereby restricting the unauthorized access.

Prerequisites

Ensure that the WEB_ADMIN_USERS_ROLES_ASSIGNABLE activity is assigned to you. For information about assigning activities, see Configuring-user-roles-and-access-groups.

To revoke API keys, do the following:

  1. Log in to the Helix Capacity Optimization Console.
  2. Navigate to Administration > Users > Roles.
  3. Click Revoke All API Keys.
  1. In the confirmation window, click Proceed.
    A message about the successful revocation is displayed. All the API keys generated till the current date are revoked.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*