Overview
The API Keys section in VergeCloud provides a centralized location to create, manage, and secure programmatic access to your organization’s services. API keys allow applications, scripts, or internal tools to interact with VergeCloud programmatically, without the need for manual intervention through the dashboard. By controlling these keys carefully, organizations can automate tasks, integrate third-party tools, and streamline workflows while maintaining a high level of security.
Through this section, you can generate new keys, assign specific roles and access scopes, monitor usage, and revoke keys if needed. Properly managing API keys ensures that only authorized applications or personnel can perform certain actions. This capability is critical for operational efficiency, security compliance, and adherence to the principle of least privilege, where users or systems are granted only the permissions they need to perform their functions.
API Keys List
The API Keys List provides a comprehensive overview of all API keys generated within your organization. Each entry in the list contains several pieces of information. The Name or Description column shows the custom label given during key creation, often including additional context about its purpose, such as automation scripts, CI/CD pipelines, or partner integrations. The API Key column displays a partially masked version of the key for recognition purposes without exposing the full token.
Roles indicate the permissions associated with the key, showing what actions the key is authorized to perform. The Created At column records the timestamp when the key was generated, helping administrators track its lifecycle. Finally, the Actions column provides options to view details, copy information, or revoke the key if it is no longer needed. This table makes it easy to manage multiple keys and ensures that access can be reviewed and adjusted regularly.

Create API Key Wizard
The Create API Key Wizard guides you through the process of generating a new key while ensuring that security best practices are followed.
In the first step, you provide the foundational details for the new key. The API Key Name is required and should be a unique label that makes the key easily identifiable. Optionally, you can provide a description that explains the purpose of the key, such as integration with a deployment pipeline or a specific automation script. Providing clear descriptions helps maintain clarity when multiple keys exist.
Step 2: Access Scope
Next, define the access scope of the key. You can grant access to all services, which allows the key to interact with every existing and future service within the organization, or restrict it to specific services only. Limiting scope is important to reduce security risks and ensure that keys cannot perform unintended actions. This step allows administrators to enforce the principle of least privilege, granting only the access required for the key’s intended purpose.
Step 3: Assign Roles
Choose one or more predefined roles that determine the key’s permissions:
- Admin – Full administrative control over the selected services.
- Read-Only Admin – Viewing access without permission to modify resources.
- Billing Manager – Create and manage billing-related functions.
- Cache Purger – Purge cached content across the CDN.
- DNS Manager – Create, modify, or delete DNS records.
- Security Manager – Manage security configurations such as WAF, DDoS protection, and other security policies.
- Traffic Manager – Configure routing rules and load balancing.
- Insights Analyst – Access traffic analytics, performance metrics, and reporting.
Step 4: View API Key
In the final step, the wizard displays the full API key value. This is the only time the key will be visible, so it is crucial to copy it and store it securely. Losing the key may require generating a new one, which could disrupt automation or integrations relying on it.
The value shown in this step is the full token used to authenticate API requests. Treat it like a password.
X-API-Key Header
Include this header in every request made to VergeCloud APIs:
X-API-Key: <your-api-key>
Important Considerations
- One-time visibility – The API key value is displayed only during creation and cannot be retrieved later.
- Non-editable – API keys cannot be modified after creation. To change roles or scope, revoke the existing key and generate a new one.
- Least Privilege Principle – Assign only the required roles to reduce security risks.
- Scope Alignment – Ensure the scope accurately matches the role assignments to prevent unintended access.
- Immediate Revocation – Revoking or deleting an API key instantly blocks all associated API access.
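
The following is an added example, not VergeCloud code: a periodic review of the key list against the least-privilege and scope-alignment points above. The inventory records, the `scope` field and the 180-day threshold are constructed assumptions; only the role names come from this page.

```python
from datetime import datetime, timezone

# Role names as listed in Step 3 of the wizard.
BROAD_ROLES = {"Admin"}
KNOWN_ROLES = BROAD_ROLES | {
    "Read-Only Admin", "Billing Manager", "Cache Purger", "DNS Manager",
    "Security Manager", "Traffic Manager", "Insights Analyst",
}
MAX_AGE_DAYS = 180  # assumed review threshold, not a VergeCloud setting

# Constructed inventory mirroring the API Keys List columns; the "scope"
# field ("all" or a list of service names) is a hypothetical representation.
SAMPLE_KEYS = [
    {"name": "ci-cache-purge", "description": "CI/CD purge step",
     "roles": ["Cache Purger"], "scope": ["cdn-prod"],
     "created_at": "2025-01-10T09:00:00+00:00"},
    {"name": "legacy-script", "description": "",
     "roles": ["Admin"], "scope": "all",
     "created_at": "2023-03-01T12:00:00+00:00"},
    {"name": "dns-sync", "description": "partner DNS sync",
     "roles": ["DNS Manager", "Admin"], "scope": ["dns-zone-a"],
     "created_at": "2025-02-01T08:30:00+00:00"},
]

def audit_key(key, now):
    """Return a list of least-privilege findings for one key record."""
    findings = []
    roles = set(key["roles"])
    if unknown := roles - KNOWN_ROLES:
        findings.append(f"unknown roles: {sorted(unknown)}")
    if roles & BROAD_ROLES and key["scope"] == "all":
        findings.append("Admin role with all-services scope")
    elif roles & BROAD_ROLES and len(roles) > 1:
        findings.append("Admin alongside narrower roles; confirm Admin is needed")
    elif key["scope"] == "all":
        findings.append("all-services scope; restrict to specific services")
    if not key["description"].strip():
        findings.append("missing description")
    age = (now - datetime.fromisoformat(key["created_at"])).days
    if age > MAX_AGE_DAYS:
        findings.append(f"key is {age} days old; revoke and re-create")
    return findings

def audit(keys, now=None):
    """Map key name -> findings, omitting keys with no findings."""
    now = now or datetime.now(timezone.utc)
    return {k["name"]: f for k in keys if (f := audit_key(k, now))}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_KEYS).items():
        print(name, "->", "; ".join(findings))
```

Because keys are non-editable, every finding resolves the same way: create a replacement key with the corrected roles and scope, switch the consumer over, then revoke the old key.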