API keys

API keys can be used by developers to gain programmatic access to the Qlik platform, acting as their own user.

Endpoints

GET

/api/v1/api-keys
POST

/api/v1/api-keys
GET

/api/v1/api-keys/{id}
PATCH

/api/v1/api-keys/{id}
DELETE

/api/v1/api-keys/{id}
GET

/api/v1/api-keys/configs/{tenantId}
PATCH

/api/v1/api-keys/configs/{tenantId}

Lists API keys for the tenant. To list API keys owned by other users, requesting user must be assigned the TenantAdmin role.

Facts

Rate limit	Tier 1 (1000 requests per minute)
Categories	authenticate

Query Parameters

createdByUserstring

The user ID that created the API key.

format = "uid"
endingBeforestring

Get resources with IDs that are lower than the target resource ID. Cannot be used in conjunction with startingAfter.

format = "uid v4"
limitnumber

Maximum number of API keys to retrieve.

minimum = 1, maximum = 100, default = 20, default = 20
sortstring

The field to sort by, with +/- prefix indicating sort order

Can be one of: "createdByUser""+createdByUser""-createdByUser""sub""+sub""-sub""status""+status""-status""description""+description""-description""created""+created""-created"

default = "-created"
startingAfterstring

Get resources with IDs that are higher than the target resource ID. Cannot be used in conjunction with endingBefore.

format = "uid v4"
statusstring

The status of the API key.

Can be one of: "active""expired""revoked"

format = "text"
substring

The ID of the subject. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik. For users, use their user ID, e.g. 64ef645a3b7009d55dee5a2b.

format = "uid"

Responses

200

The list API keys result.

application/jsonobject
Show application/json properties
- dataarray of objects
  Required
  
  Properties of API keys in a given tenant.
  
  Show data properties
  
  idstring
  Required
  
  The unique ID for the resource.
  
  format = "uid"
  
  substring
  Required
  
  The ID of the subject for the API key. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik. For users, use their user ID, e.g. 64ef645a3b7009d55dee5a2b.
  
  expirystring
  Required
  
  When the API key will expire and no longer be a valid authentication token.
  
  format = "date-time"
  
  statusstring
  Required
  
  The status of the API key.
  
  Can be one of: "active""expired""revoked"
  
  createdstring
  
  When the API key was created.
  
  format = "date-time"
  
  subTypestring
  Required
  
  Type of the subject. For SCIM, it should be externalClient.
  
  Can be one of: "user""externalClient"
  
  tenantIdstring
  Required
  
  The tenant ID.
  
  format = "uid"
  
  descriptionstring
  Required
  
  A description for the API key.
  
  lastUpdatedstring
  
  When the API key was last updated.
  
  format = "date-time"
  
  createdByUserstring
  Required
  
  The ID of the user who created the key.
  
  format = "uid"
- linksobject
  Required
  
  Navigation links to page results.
  
  Show links properties
  
  nextobject
  
  Show next properties
  
  hrefstring
  Required
  
  The URL for the link.
  
  format = "uri"
  
  prevobject
  
  Show prev properties
  
  hrefstring
  Required
  
  The URL for the link.
  
  format = "uri"
  
  selfobject
  Required
  
  Show self properties
  
  hrefstring
  Required
  
  The URL for the link.
  
  format = "uri"

400

Invalid request was made.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

403

Requestor not allowed to list API keys.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

GET /api/v1/api-keys

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)

This API is not included yet in qlik-cli

Response

{
  "data": [
    {
      "id": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
      "sub": "SCIM\\\\215g5595380d646163cadbb9",
      "expiry": "2018-10-30T07:06:22Z",
      "status": "active",
      "created": "2018-10-30T07:06:22Z",
      "subType": "user",
      "tenantId": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
      "description": "string",
      "lastUpdated": "2018-10-30T07:06:22Z",
      "createdByUser": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69"
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}

Creates an API key, either for a user, or for configuring SCIM for a compatible Identity Provider. Sending sub and subType is required only for creating SCIM keys.

Facts

Rate limit	Tier 2 (100 requests per minute)
Categories	authenticate

Request Body

Required

Properties that the user wants to set for the API key.

application/jsonobject
Show application/json properties
- substring
  
  The ID of the subject for the API key. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik. When creating an API key for a user, this is their user ID, e.g. 64ef645a3b7009d55dee5a2b, and will default to the requesting user if not provided. User must be assigned the Developer role.
- expirystring
  
  The expiry of the API key, in ISO8601 duration format. For example, P7D sets expiry after 7 days. If not provided, defaults to the maximum API key or SCIM key expiry configured in the tenant.
- subTypestring
  
  Type of the subject. For SCIM, it should be externalClient. If not specified, defaults to user.
  
  Can be one of: "user""externalClient"
  
  default = "user"
- descriptionstring
  Required
  
  Text that describes the API key.

Responses

201

Created the API key successfully.

application/jsonobject
Show application/json properties
- idstring
  Required
  
  The unique ID for the resource.
  
  format = "uid"
- substring
  Required
  
  The ID of the subject for the API key.
  
  format = "uid"
- tokenstring
  Required
  
  The generated signed JWT.
- expirystring
  Required
  
  When the API key will expire and no longer be a valid authentication token.
  
  format = "date-time"
- statusstring
  Required
  
  The status of the API key.
  
  Can be one of: "active""expired""revoked"
- createdstring
  
  When the API key was created.
  
  format = "date-time"
- subTypestring
  Required
  
  Type of the subject.
  
  Can be one of: "user"
- tenantIdstring
  Required
  
  The tenant ID.
  
  format = "uid"
- descriptionstring
  Required
  
  A description for the API key.
- lastUpdatedstring
  
  When the API key was last updated.
  
  format = "date-time"
- createdByUserstring
  Required
  
  The id of the user who created the key.
  
  format = "uid"

400

Invalid request was made.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

403

Requestor not allowed to create an API key

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

default

Unexpected error.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

POST /api/v1/api-keys

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys" \
-X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '{"sub":"SCIM\\\\215g5595380d646163cadbb9","expiry":"P7D","subType":"user","description":"string"}'

const https = require('https')
  const data = JSON.stringify({"sub":"SCIM\\\\215g5595380d646163cadbb9","expiry":"P7D","subType":"user","description":"string"})
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys',
    'method': 'POST',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)

This API is not included yet in qlik-cli

Request

{
  "sub": "SCIM\\\\215g5595380d646163cadbb9",
  "expiry": "P7D",
  "subType": "user",
  "description": "string"
}

Response

{
  "id": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "sub": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "token": "string",
  "expiry": "2018-10-30T07:06:22Z",
  "status": "active",
  "created": "2018-10-30T07:06:22Z",
  "subType": "user",
  "tenantId": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "description": "string",
  "lastUpdated": "2018-10-30T07:06:22Z",
  "createdByUser": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69"
}

Returns the API key for a given API key ID.

Facts

Rate limit	Tier 1 (1000 requests per minute)
Categories	authenticate

Path Parameters

idstring
Required

The ID of the API key to be retrieved.

format = "uid"

Responses

200

Returns an API key resource.

application/jsonobject
Show application/json properties
- idstring
  Required
  
  The unique ID for the resource.
  
  format = "uid"
- substring
  Required
  
  The ID of the subject for the API key. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik. For users, use their user ID, e.g. 64ef645a3b7009d55dee5a2b.
- expirystring
  Required
  
  When the API key will expire and no longer be a valid authentication token.
  
  format = "date-time"
- statusstring
  Required
  
  The status of the API key.
  
  Can be one of: "active""expired""revoked"
- createdstring
  
  When the API key was created.
  
  format = "date-time"
- subTypestring
  Required
  
  Type of the subject. For SCIM, it should be externalClient.
  
  Can be one of: "user""externalClient"
- tenantIdstring
  Required
  
  The tenant ID.
  
  format = "uid"
- descriptionstring
  Required
  
  A description for the API key.
- lastUpdatedstring
  
  When the API key was last updated.
  
  format = "date-time"
- createdByUserstring
  Required
  
  The ID of the user who created the key.
  
  format = "uid"

403

Requestor not allowed to query this API key.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

404

API key was not found.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

default

Unexpected error.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

GET /api/v1/api-keys/{id}

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/{id}" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/{id}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)

This API is not included yet in qlik-cli

Response

{
  "id": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "sub": "SCIM\\\\215g5595380d646163cadbb9",
  "expiry": "2018-10-30T07:06:22Z",
  "status": "active",
  "created": "2018-10-30T07:06:22Z",
  "subType": "user",
  "tenantId": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "description": "string",
  "lastUpdated": "2018-10-30T07:06:22Z",
  "createdByUser": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69"
}

Updates an API key description for a given API key ID.

Facts

Rate limit	Tier 2 (100 requests per minute)
Categories	authenticate

Path Parameters

idstring
Required

The ID of the API key resource to be updated.

format = "JWT ID (jti)"

Request Body

Required

Properties that the user wants to update for the API key.

application/jsonarray of objects

A JSON Patch document as defined in https://datatracker.ietf.org/doc/html/rfc6902.
Show application/json properties
- opstring
  Required
  
  The operation to be performed.
  
  Can be one of: "replace"
- pathstring
  Required
  
  The path for the given resource field to patch.
  
  Can be one of: "/description"
- valuestring
  Required
  
  The value to be used for this operation.

Responses

204

API key updated successfully.

400

Invalid request was made.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

403

Requestor not allowed to update this API key.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

404

API key was not found.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

PATCH /api/v1/api-keys/{id}

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/{id}" \
-X PATCH \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '[{"op":"replace","path":"/description","value":"my new description"}]'

const https = require('https')
  const data = JSON.stringify([{"op":"replace","path":"/description","value":"my new description"}])
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/{id}',
    'method': 'PATCH',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)

This API is not included yet in qlik-cli

Request

[
  {
    "op": "replace",
    "path": "/description",
    "value": "my new description"
  }
]

Deletes or revokes an API key for a given API key ID. When the owner of the API key sends the request, the key will be deleted and removed from the tenant. When a user assigned the TenantAdmin role sends the request, the key will be disabled and marked as revoked.

Facts

Rate limit	Tier 2 (100 requests per minute)
Categories	authenticate

Path Parameters

idstring
Required

The ID of the API key to be retrieved.

format = "uid"

Responses

204

Deleted or revoked an API key resource.

403

Requestor not allowed to delete or revoke this API key.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

404

API key was not found.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

DELETE /api/v1/api-keys/{id}

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/{id}" \
-X DELETE \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/{id}',
    'method': 'DELETE',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)

This API is not included yet in qlik-cli

Retrieves the API key configuration for a tenant.

Facts

Rate limit	Tier 1 (1000 requests per minute)
Categories	authenticate

Path Parameters

tenantIdstring
Required

The tenant ID from which you wish to retrieve the API key configuration.

format = "uid"

Responses

200

API keys configuration.

application/jsonobject
Show application/json properties
- api_keys_enabledbooleanDeprecated
  
  Enables or disables user API key functionality for the specified tenant.
  
  default = false
- max_keys_per_usernumber
  
  The maximum number of active API keys that any user can create for the specified tenant.
  
  minimum = 0, maximum = 1000, default = 5, default = 5
- max_api_key_expirystring
  
  The maximum lifetime, in ISO8601 duration format, for which an API key can be issued for the specified tenant, e.g. P7D for 7 days.
  
  default = "PT24H"
- scim_externalClient_expirystring
  
  The expiry of the scim externalClient token in ISO8601 duration format, e.g. P365D for 365 days. Used during the creation of an externalClient API key for configuring a SCIM compatible Identity Provider.
  
  default = "P365D"

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

default

Unexpected error.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

GET /api/v1/api-keys/configs/{tenantId}

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/configs/{tenantId}" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/configs/{tenantId}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)

This API is not included yet in qlik-cli

Response

{
  "api_keys_enabled": false,
  "max_keys_per_user": 5,
  "max_api_key_expiry": "PT24H",
  "scim_externalClient_expiry": "P365D"
}

Updates the API keys configuration for a given tenant ID.

Facts

Rate limit	Tier 2 (100 requests per minute)
Categories	authenticate

Path Parameters

tenantIdstring
Required

The tenant ID of the API keys configuration to be retrieved.

format = "uid"

Request Body

Required

Configurations that the user wants to update for API keys.

application/jsonarray of objects

A JSON Patch document as defined in https://datatracker.ietf.org/doc/html/rfc6902.
Show application/json properties
- opstring
  Required
  
  The operation to be performed.
  
  Can be one of: "replace"
- pathstring
  Required
  
  The path for the given resource field to patch. The '/api_keys_enabled' option is deprecated and will be removed in a future release.
  
  Can be one of: "/api_keys_enabled""/max_api_key_expiry""/max_keys_per_user""/scim_externalClient_expiry"
- valueany
  Required
  
  The value to be used for this operation.

Responses

204

API keys configuration updated successfully.

400

Invalid request was made.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

403

Requestor not allowed to update the API keys configuration.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

404

Failed to update the API keys configuration.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

429

Request has been rate limited.

application/jsonobject
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Additional properties relating to the error.
  
  titlestring
  Required
  
  Summary of the problem.
  
  detailstring
  
  A human-readable explanation specific to this occurrence of the problem.
  
  sourceobject
  
  References to the source of the error.
  
  Show source properties
  
  pointerstring
  
  A JSON Pointer to the property that caused the error.
  
  parameterstring
  
  The URI query parameter that caused the error.
  
  statusinteger
  
  The HTTP status code.

PATCH /api/v1/api-keys/configs/{tenantId}

curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/configs/{tenantId}" \
-X PATCH \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '[{"op":"replace","path":"/api_keys_enabled","value":true}]'

const https = require('https')
  const data = JSON.stringify([{"op":"replace","path":"/api_keys_enabled","value":true}])
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/configs/{tenantId}',
    'method': 'PATCH',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)

This API is not included yet in qlik-cli

Request

[
  {
    "op": "replace",
    "path": "/api_keys_enabled",
    "value": true
  }
]

API keys

Endpoints

List API keys

Facts

Query Parameters

Responses

200

400

403

429

Response

Create API key

Facts

Request Body

Responses

201

400

403

429

default

Request

Response

Get API key for a given ID

Facts

Path Parameters

Responses

200

403

404

429

default

Response

Update API key description

Facts

Path Parameters

Request Body

Responses

204

400

403

404

429

Request

Delete or revoke an API key

Facts

Path Parameters

Responses

204

403

404

429

Get API key configuration

Facts

Path Parameters

Responses

200

429

default

Response

Update API keys configuration

Facts

Path Parameters

Request Body

Responses

204

400

403

404

429

Request