The Exabeam API uses Oauth to authenticate an API call. Before you can make your first API call, you must create an API key and generate a token.

📘
You can create up to 50 API keys per subscription.

API Key Best Practices

The following best practices for managing Exabeam APIs are recommended:

Create an API key for each use case for easier key rotation, permission scoping, and discrete call monitoring.
Limit API keys to only the required permissions for their intended use cases.
Rotate API keys at a minimum of every 12 months to reduce the risk of compromised credentials.
Store key credentials for developers only in a secrets vault, password manager, or other secure management tool.

Generate an API Key

To create and manage API keys, you must be an administrator with full access to your Exabeam subscription. For information on managing user roles and permissions, see Universal Role-Based Access.

Open the Exabeam Security Operations Platform and on the lower-left side of the page, click Settings , and then click API Keys.
Do one of the following depending on whether there are existing API keys:
- If there are no existing API keys, in the center of the page, click New API Keys.
- If there are existing API keys, click New Keys.
In the New API Key dialog box, do the following:
1. Provide a descriptive Key Name.
2. In the Permissions drop-down menu, select one of the permission sets.
3. Click Create.
  A message displays to indicate that your API key has been successfully created.
  
  Included in the message are the auto-generated Key and Secret strings, which you can copy by clicking their respective copy icons .
  
  🚧
  This is the only instance in which the Secret string is displayed in plain text and not obfuscated to the user.
Click Ok, great!.
The API Keys page refreshes to show your new API key.
Click the respective copy icons to copy the Key and Secret strings.

API Rate Limits

Observe the following rate limits when using the Exabeam API:

Area	Request Limits
Authentication API	50 requests in 5 minutes per client source IP address
Public APIs	100 requests in 1 minute per client source IP address

Edit a Key

If needed, you can edit the name or permissions for a key but cannot change the key value and secret. If you need to generate a new key or secret, create a new API key.

Open the Exabeam Security Operations Platform and on the lower-left side of the page, click the Settings icon, and then click API Keys.
(Optional) To search for API keys by either a Name, Key, or Created By value, click in the Search box and enter the value.
The API keys are filtered by the entered value.
Click the more (...) menu icon in the row of the key to view supported actions.
Click Edit.
Modify the desired key attribute: Key Name and Permissions as needed. For more information about permissions, see User Permissions.
Click Update to save your changes.

Delete a Key

If a key is no longer needed such as due to a use case that is no longer needed, you can permanently delete the key. When you delete a key, any subsequent attempts to authenticate using the key will be denied.

Open the Exabeam Security Operations Platform and on the lower-left side of the page, click the Settings icon, and then click API Keys.
(Optional) To search for API keys by either a Name, Key, or Created By value, click in the Search box and enter the value.
The API keys are filtered by the entered value.
Click the more (...) menu icon in the row of the key to view supported actions.
Click Delete and then click Delete again to confirm.