HTTP requests to the API are protected with HTTP Bearer authentication. Set your project API key as the token on each request.
You can find your project API key in the 'Settings' tab from the Octane portal:
Rolling an API key in Octane involves revoking the existing key and generating a replacement key. This process is crucial for security and compliance reasons. You can roll an API key immediately or schedule it to roll after a specific time. Below are common scenarios that may require rolling an API key in Octane:
- Loss: If your current API key is lost, you will want to generate a new one.
- Security Breach: When a secret or restricted key is compromised, it should be revoked to prevent potentially malicious API requests from using it.
- Key Rotation Policy: Your organization's security policy may require the regular rotation of keys at specific intervals to enhance security.
To roll an API key in Octane, simply click the "Roll API Credentials" button seen the the picture above.
A new immediately usable key will be generated for you and the old key will be set to expire within 7 days. Further customization of when to expire the old key can be done if you choose to roll the credentials via the API.