Skip to main content

Overview

API keys provide programmatic access for integrations and automation. Cysmiq supports personal keys and workspace keys.

Key types

Key typeWhere you manage itScopeNotes
Personal API keyUser security settingsUser scopedCan be restricted to specific workspaces
Workspace API keyWorkspace security settingsTenant scopedManaged by workspace admins

Scopes

Available scopes in the UI:
ScopeAPI valueDescription
Read vulnerabilitiesvulnerabilities:readAccess vulnerability lists, summary data, details, and vulnerability locations for repositories
Update vulnerabilitiesvulnerabilities:writeUpdate vulnerability workflow metadata such as assignees
Read policy violationspolicy-violations:readAccess policy violation lists and details for repositories
Read scansscans:readAccess scan lists and status for repositories
Read organizationsorganizations:readAccess organization lists and details
Read repositoriesrepositories:readAccess repository lists and details
Read applicationsapplications:readAccess application lists and details
Read tenantstenants:readList the workspaces the key can access
The default scope set includes read access for vulnerabilities, policy violations, scans, organizations, repositories, applications, and tenants. Write access must be selected explicitly. Existing keys keep the scopes selected when they were created. If a key was created before applications:read or tenants:read was available, create a new key with those scopes to use application or tenant list endpoints.

Expiration options

The field is labeled Expires in the UI.
  • 7 days
  • 30 days
  • 90 days
  • 180 days
  • 365 days
  • Never

Key lifecycle

  • Create: Name the key, choose scopes, select an expiration, and optionally restrict the key to one or more workspaces
  • One time display: New keys are shown once. Copy and store them securely
  • Status: Keys are marked Active, Expired, or Disabled
  • Usage details: View created time, last used time, expiration date, scopes, and any workspace restrictions
  • Revoke: Revoke a key to permanently disable it