Creating an API key
API keys can have account-level permissions, team-scoped permissions, or a combination of both. This means teams can manage their own config via the API without risking changes to other teams’ resources. When you create a new API key, you choose which permissions it has. You can only grant permissions that you yourself have. If you only have team-level permissions, you’ll only be able to create keys with team-scoped permissions.Account-level permissions
Account-level permissions apply across your entire organization. These are the same permissions available when creating custom roles, such as creating incidents, managing workflows, or reading catalog data.Team-scoped permissions
Team-scoped permissions restrict what a key can do to resources owned by specific teams.Permissions required
To manage API keys, you need one of:- The account-level Manage API keys permission (via a base or custom role)
- The team-scoped Manage API keys permission (via a team role)
Can an API key be scoped to multiple teams?
Can an API key be scoped to multiple teams?
Yes. A key can be associated with multiple teams, but it will have the same set of team-scoped permissions across all of them.
Can a key have both global and team-scoped permissions?
Can a key have both global and team-scoped permissions?
Yes. A single key can have account-level permissions (e.g., read catalog data) alongside team-scoped permissions (e.g., manage schedules for a specific team).