API Keys
On Zilliz Cloud, every organization comes with a set of API keys. These keys are essential authentication tokens required for initiating RESTful API or SDK calls. They play a crucial role in accessing specific projects and resources within the organization.
Overview of API keys
To cater to various requirements, Zilliz Cloud offers two distinct types of API keys:
- Personal keys: Linked to individual users, this type of key is auto-generated by Zilliz Cloud for each organization user and inherits the permissions of the user's role. If the user leaves the organization, their personal key is automatically deleted, which might not be ideal for long-term projects.
- Customized keys: Tied to applications or programs rather than individual users. Users with Owner status can create and oversee this type of key. Customized keys are suitable for development purposes, offering stable, long-term API integration and automation capabilities.
In versions released prior to January 16, 2024, API key types weren't categorized. If you upgrade your Zilliz Cloud service from a version released before this date, your API keys generated earlier will be designated as customized API keys. These keys will inherit the project-level permissions of the original API keys.
Secure API calls with RBAC
Role-based Access Control (RBAC) is a crucial security mechanism in Zilliz Cloud, applicable to managing API calls. This system allows for fine-grained control over access to resources by assigning roles with specific permissions to users within the organization.
For more information on access levels of each role, see Authorization.
API key management
User roles within an organization affect the extent of API key management permissions. The specific permissions are outlined as follows:
| | Organization Owner | Project Owner | Project Member |
|---|---|---|---|
| Personal API Key | | | |
| Creation | Auto generated | Auto generated | Auto generated |
| Viewing the user's assigned API key | ✔️ | ✔️ | ✔️ |
| Viewing members' API key names [1] | ✔️ | ✔️ | ✘ |
| Resetting API key [2] | ✔️ | ✔️ | ✔️ |
| Customized API Key | | | |
| Creation | ✔️ | ✔️ [3] | ✘ |
| Viewing | ✔️ | ✔️ [4] | ✘ |
| Removing permissions from API key | ✔️ | ✔️ [4] | ✘ |
| Editing API key name | ✔️ | ✘ | ✘ |
| Resetting API key | ✔️ | ✘ | ✘ |
| Deleting API key | ✔️ | ✘ | ✘ |
Notes:
[1] Owner users can view members' API key names based on their permission scope. Organization owners can view all members' API key names organization-wide, while project owners can only view those within their permission range. Project members can only view their own personal key.
[2] Each user can reset only their own personal key.
[3] The permissions that a project owner can grant to a customized API key are limited to the project owner's own permission scope.
[4] Project owners can only view or manage customized API keys within their permission scope. For example, if User 1 owns Project A and a customized API key (Key 1) has access to Projects A, B, and C, User 1 has no access to Key 1 since its access scope goes beyond User 1's permissions.
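The customized-key rows of the table, together with notes [3] and [4], can be modeled as a role check followed by a scope-subset check. The following is an added example for auditing who can manage which key; it is not Zilliz Cloud code or part of its API, and every name in it (`User`, `CustomKey`, `allowed`, `manageable_keys`, the role strings) is hypothetical.

```python
# Added illustration of the customized-key rules in the table and notes [3]/[4].
# All names are hypothetical; this does not call or reproduce any Zilliz Cloud API.
from dataclasses import dataclass

ORG_OWNER, PROJECT_OWNER, PROJECT_MEMBER = "org_owner", "project_owner", "project_member"

# Actions on customized keys that the table grants to each role.
CUSTOM_KEY_ACTIONS = {
    ORG_OWNER: {"create", "view", "remove_permissions", "edit_name", "reset", "delete"},
    PROJECT_OWNER: {"create", "view", "remove_permissions"},
    PROJECT_MEMBER: set(),
}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    projects: frozenset  # projects in the user's permission scope (unused for org owners)

@dataclass(frozen=True)
class CustomKey:
    name: str
    projects: frozenset  # projects the key can access

def allowed(user: User, action: str, key: CustomKey) -> bool:
    """Return True if `user` may perform `action` on the customized `key`.

    For "create", `key` is the key being requested, with its proposed scope.
    """
    if action not in CUSTOM_KEY_ACTIONS.get(user.role, set()):
        return False
    if user.role == ORG_OWNER:
        return True
    # Notes [3] and [4]: a project owner is limited to keys whose entire
    # access scope lies inside that owner's own permission scope.
    return key.projects <= user.projects

def manageable_keys(user: User, keys: list) -> list:
    """Names of the customized keys that `user` is able to view."""
    return [k.name for k in keys if allowed(user, "view", k)]

# Constructed sample data mirroring the example in note [4].
user1 = User("User 1", PROJECT_OWNER, frozenset({"A"}))
org_owner = User("Org Owner", ORG_OWNER, frozenset())
member = User("Member", PROJECT_MEMBER, frozenset({"A"}))
key1 = CustomKey("Key 1", frozenset({"A", "B", "C"}))
key2 = CustomKey("Key 2", frozenset({"A"}))
```

Running `manageable_keys` for each project owner against an inventory of customized keys shows which broadly scoped keys only an organization owner can rotate or delete.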