API keys

API keys can be used by developers to gain programmatic access to the Qlik platform, acting as their own user.

Download specification

Lists API keys for a given tenant ID.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories externalauthenticate

Query Parameters

  • createdByUserstring

    The user ID that created the API key.

    format = "uid"

  • endingBeforestring

    Get resources with IDs that are lower than the target resource ID. Cannot be used in conjunction with startingAfter.

    format = "uid v4"

  • limitnumber

    Maximum number of API keys to retrieve.

    minimum = 1, maximum = 100, default = 20, default = 20

  • sortstring

    The field to sort by, with +/- prefix indicating sort order

    Can be one of: "createdByUser""+createdByUser""-createdByUser""sub""+sub""-sub""status""+status""-status""description""+description""-description""created""+created""-created"

    default = "-created"

  • startingAfterstring

    Get resources with IDs that are higher than the target resource ID. Cannot be used in conjunction with endingBefore.

    format = "uid v4"

  • statusstring

    The status of the API key.

    Can be one of: "active""expired""revoked"

    format = "uid"

  • substring

    The ID of the subject.

    format = "uid"

Responses

200

application/json

The API keys page result.

  • application/jsonobject
    Show application/json properties
    • dataarray of objects
      Required

      Properties of API keys in a given tenant.

      Show data properties
      • idstring
        Required

        The unique ID for the resource.

        format = "uid"

      • substring
        Required

        The ID of the subject for the API key. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik.

      • expirystring
        Required

        When the API key will expire and no longer be a valid authentication token.

        format = "date-time"

      • statusstring
        Required

        The status of the API key.

        Can be one of: "active""expired""revoked"

      • createdstring

        When the API key was created.

        format = "date-time"

      • subTypestring
        Required

        Type of the subject. For SCIM, it should be externalClient.

        Can be one of: "user""externalClient"

      • tenantIdstring
        Required

        The tenant ID.

        format = "uid"

      • descriptionstring
        Required

        A description for the API key.

      • lastUpdatedstring

        When the API key was last updated.

        format = "date-time"

      • createdByUserstring
        Required

        The ID of the user who created the key.

        format = "uid"

    • linksobject
      Required

      Navigation links to page results.

      Show links properties
      • nextobject
        Show next properties
        • hrefstring
          Required

          The URL for the link.

          format = "uri"

      • prevobject
        Show prev properties
        • hrefstring
          Required

          The URL for the link.

          format = "uri"

      • selfobject
        Required
        Show self properties
        • hrefstring
          Required

          The URL for the link.

          format = "uri"

400

application/json

Invalid request was made.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

      List of errors and their properties.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON Pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusinteger

        The HTTP status code.

403

application/json

Requestor not allowed to list API keys.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
GET /v1/api-keys 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys" \
-H "Authorization: Bearer <API-key>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  

qlik api-key ls

Response

{
  "data": [
    {
      "id": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
      "sub": "SCIM\\\\215g5595380d646163cadbb9",
      "expiry": "2018-10-30T07:06:22Z",
      "status": "active",
      "created": "2018-10-30T07:06:22Z",
      "subType": "user",
      "tenantId": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
      "description": "string",
      "lastUpdated": "2018-10-30T07:06:22Z",
      "createdByUser": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69"
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}

Creates an API key resource.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories externalauthenticate

Request Body

Required

application/json

Properties that the user wants to set for the API key.

  • application/jsonobject
    Show application/json properties
    • substring

      The ID of the subject for the API key. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik.

    • expirystring

      The expiry of the API key, in ISO8601 duration format.

    • subTypestring

      Type of the subject. For SCIM, it should be externalClient.

      Can be one of: "user""externalClient"

    • descriptionstring
      Required

      Text that describes the API key.

Responses

201

application/json

Created the API key successfully.

  • application/jsonobject
    Show application/json properties
    • idstring
      Required

      The unique ID for the resource.

      format = "uid"

    • substring
      Required

      The ID of the subject for the API key.

      format = "uid"

    • tokenstring
      Required

      The generated signed JWT.

    • expirystring
      Required

      When the API key will expire and no longer be a valid authentication token.

      format = "date-time"

    • statusstring
      Required

      The status of the API key.

      Can be one of: "active""expired""revoked"

    • createdstring

      When the API key was created.

      format = "date-time"

    • subTypestring
      Required

      Type of the subject.

      Can be one of: "user"

    • tenantIdstring
      Required

      The tenant ID.

      format = "uid"

    • descriptionstring
      Required

      A description for the API key.

    • lastUpdatedstring

      When the API key was last updated.

      format = "date-time"

    • createdByUserstring
      Required

      The id of the user who created the key.

      format = "uid"

400

application/json

Invalid request was made.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

403

application/json

Requestor not allowed to create an API key

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

default

application/json

Unexpected error.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
POST /v1/api-keys 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys" \
-X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer <API-key>" \
-d '{"sub":"SCIM\\\\215g5595380d646163cadbb9","expiry":"string","subType":"user","description":"string"}'

const https = require('https')
  const data = JSON.stringify({"sub":"SCIM\\\\215g5595380d646163cadbb9","expiry":"string","subType":"user","description":"string"})
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys',
    'method': 'POST',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  req.write(data)
  

qlik api-key create \
--description="string" \
--expiry="string" \
--sub="SCIM\\215g5595380d646163cadbb9" \
--subType="user"

Request

{
  "sub": "SCIM\\\\215g5595380d646163cadbb9",
  "expiry": "string",
  "subType": "user",
  "description": "string"
}

Response

{
  "id": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "sub": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "token": "string",
  "expiry": "2018-10-30T07:06:22Z",
  "status": "active",
  "created": "2018-10-30T07:06:22Z",
  "subType": "user",
  "tenantId": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "description": "string",
  "lastUpdated": "2018-10-30T07:06:22Z",
  "createdByUser": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69"
}

Gets the API key for a given ID.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories externalauthenticate

Path Parameters

  • idstring
    Required

    The ID of the API key resource to be retrieved.

    format = "uid"

Responses

200

application/json

Returns an API key resource.

  • application/jsonobject
    Show application/json properties
    • idstring
      Required

      The unique ID for the resource.

      format = "uid"

    • substring
      Required

      The ID of the subject for the API key. For SCIM the format is SCIM\\{{IDP-ID}}, where {{IDP-ID}} is the ID of the IDP in Qlik.

    • expirystring
      Required

      When the API key will expire and no longer be a valid authentication token.

      format = "date-time"

    • statusstring
      Required

      The status of the API key.

      Can be one of: "active""expired""revoked"

    • createdstring

      When the API key was created.

      format = "date-time"

    • subTypestring
      Required

      Type of the subject. For SCIM, it should be externalClient.

      Can be one of: "user""externalClient"

    • tenantIdstring
      Required

      The tenant ID.

      format = "uid"

    • descriptionstring
      Required

      A description for the API key.

    • lastUpdatedstring

      When the API key was last updated.

      format = "date-time"

    • createdByUserstring
      Required

      The ID of the user who created the key.

      format = "uid"

403

application/json

Requestor not allowed to query this API key.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

404

application/json

API key was not found.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

default

application/json

Unexpected error.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
GET /v1/api-keys/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/{id}" \
-H "Authorization: Bearer <API-key>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/{id}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  

qlik api-key get <api-keyId>

Response

{
  "id": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "sub": "SCIM\\\\215g5595380d646163cadbb9",
  "expiry": "2018-10-30T07:06:22Z",
  "status": "active",
  "created": "2018-10-30T07:06:22Z",
  "subType": "user",
  "tenantId": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69",
  "description": "string",
  "lastUpdated": "2018-10-30T07:06:22Z",
  "createdByUser": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69"
}

Updates an API key for a given ID.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories externalauthenticate

Path Parameters

  • idstring
    Required

    The ID of the API key resource to be updated.

    format = "JWT ID (jti)"

Request Body

Required

application/json

Properties that the user wants to update for the API key.

A JSON Patch document as defined in https://datatracker.ietf.org/doc/html/rfc6902.

  • application/jsonarray of objects

    A JSON Patch document as defined in https://datatracker.ietf.org/doc/html/rfc6902.

    Show application/json properties
    • opstring
      Required

      The operation to be performed.

      Can be one of: "replace"

    • pathstring
      Required

      The path for the given resource field to patch.

      Can be one of: "/description"

    • valuestring
      Required

      The value to be used for this operation.

Responses

204

API key updated successfully.

400

application/json

Invalid request was made.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

403

application/json

Requestor not allowed to update this API key.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

404

application/json

API key was not found.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
PATCH /v1/api-keys/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/{id}" \
-X PATCH \
-H "Content-type: application/json" \
-H "Authorization: Bearer <API-key>" \
-d '[{"op":"replace","path":"/description","value":"my new description"}]'

const https = require('https')
  const data = JSON.stringify([{"op":"replace","path":"/description","value":"my new description"}])
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/{id}',
    'method': 'PATCH',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  req.write(data)
  

qlik api-key patch <api-keyId> \
--body='[{"op":"replace","path":"/description","value":"my new description"}]'

Request

[
  {
    "op": "replace",
    "path": "/description",
    "value": "my new description"
  }
]

Deletes or revokes an API key.

When the owner of the API key sends the request, the key will be removed. When a TenantAdmin sends the request, the key will be revoked.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories externalauthenticate

Path Parameters

  • idstring
    Required

    The ID of the API key resource to be retrieved.

    format = "uid"

Responses

204

Deleted or revoked an API key resource.

403

application/json

Requestor not allowed to delete or revoke this API key.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

404

application/json

API key was not found.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
DELETE /v1/api-keys/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/{id}" \
-X DELETE \
-H "Authorization: Bearer <API-key>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/{id}',
    'method': 'DELETE',
    'headers': {
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  

qlik api-key rm <api-keyId>

Gets the API keys configuration for a given tenant ID.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories externalauthenticate

Path Parameters

  • tenantIdstring
    Required

    The tenant ID of the API keys configuration to be retrieved.

    format = "uid"

Responses

200

application/json

API keys configuration.

  • application/jsonobject
    Show application/json properties
    • api_keys_enabledboolean

      Enables or disables API key functionality for the specified tenant.

      default = false

    • max_keys_per_usernumber

      The maximum number of active API keys that any user can create for the specified tenant.

      minimum = 0, maximum = 1000, default = 5, default = 5

    • max_api_key_expirystring

      The maximum lifetime, in ISO8601 duration format, for which an API key can be issued for the specified tenant.

      default = "PT24H"

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

default

application/json

Unexpected error.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
GET /v1/api-keys/configs/{tenantId} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/configs/{tenantId}" \
-H "Authorization: Bearer <API-key>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/configs/{tenantId}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  

qlik api-key config get <tenantId>

Response

{
  "api_keys_enabled": false,
  "max_keys_per_user": 5,
  "max_api_key_expiry": "PT24H"
}

Updates the API keys configuration for a given tenant ID.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories externalauthenticate

Path Parameters

  • tenantIdstring
    Required

    The tenant ID of the API keys configuration to be retrieved.

    format = "uid"

Request Body

Required

application/json

Configurations that the user wants to update for API keys.

A JSON Patch document as defined in https://datatracker.ietf.org/doc/html/rfc6902.

  • application/jsonarray of objects

    A JSON Patch document as defined in https://datatracker.ietf.org/doc/html/rfc6902.

    Show application/json properties
    • opstring
      Required

      The operation to be performed.

      Can be one of: "replace"

    • pathstring
      Required

      The path for the given resource field to patch.

      Can be one of: "/api_keys_enabled""/max_api_key_expiry""/max_keys_per_user"

    • valueany
      Required

      The value to be used for this operation.

Responses

204

API keys configuration updated successfully.

400

application/json

Invalid request was made.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

403

application/json

Requestor not allowed to update the API keys configuration.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

404

application/json

Failed to update the API keys configuration.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects

429

application/json

Request has been rate limited.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
PATCH /v1/api-keys/configs/{tenantId} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/api-keys/configs/{tenantId}" \
-X PATCH \
-H "Content-type: application/json" \
-H "Authorization: Bearer <API-key>" \
-d '[{"op":"replace","path":"/api_keys_enabled","value":true}]'

const https = require('https')
  const data = JSON.stringify([{"op":"replace","path":"/api_keys_enabled","value":true}])
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/api-keys/configs/{tenantId}',
    'method': 'PATCH',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <API-key>'
    }
  }
  const req = https.request(options)
  req.write(data)
  

qlik api-key config patch <tenantId> \
--body='[{"op":"replace","path":"/api_keys_enabled","value":true}]'

Request

[
  {
    "op": "replace",
    "path": "/api_keys_enabled",
    "value": true
  }
]