icon-zia.svg
Secure Internet and SaaS Access (ZIA)

About Cloud Service API Key

You can authenticate with the cloud service API using a combination of API key (an alphanumeric key of 12 characters in length) and ZIA admin credentials (i.e., username and password).

If you need to obtain API keys or secrets to access Zscaler OneAPI endpoints, see API Client Authentication in ZIdentity.

Cloud Service API Key enhances your API experience by enabling you to:

  • Prevent the misuse of API services by providing API key access only to authorized ZIA admins configured with appropriate functional scope access to the API services.
  • Prevent API service abuse via stolen API key by regenerating the API key whenever required or in events you suspect vulnerabilities for an attack.
  • Ensure no further API requests are possible after you finish consuming the API services by deleting the API key.

You need a valid API subscription to access and manage your organization’s API key. When an API subscription is applied to your organization, your organization's API key is initially provisioned by Zscaler, enabled, and displayed within the Cloud Service API Key page along with the base URL. The base URL and key are required in order to authenticate via the API and create a session.

In the Cloud Service API Key page, you can:

  • Remove the API key and add a new one.
  • Edit the API key.
  • Regenerate the API key, which randomly generates a new key string that replaces the old string.

An organization can only have one API key. However, if you are managing multiple organizations within Zscaler and want to maintain the same key string across them, Zscaler recommends editing the key instead of adding a new one or regenerating it. This allows you to use the same key string across organizations, if necessary.

Adding, editing, or regenerating an API key, immediately invalidates the old key. If you replaced or edited a key, you also need to replace any references to the old key within any code developed for your organization. To learn more about the cloud service API, including developer getting started information and API endpoints, see Getting Started and the API Reference.

Admins have view access to the Cloud Service API Key page information within the Zscaler Cloud Connector Portal.

About the Cloud Service API Key Page

On the Cloud Service API Key page (Administration > Cloud Service API Security > Cloud Service API Key), you can do the following:

  1. View the base URL for the cloud service API.
  2. Add a new Cloud Service API Key. You must delete the existing key before you can add a new one.
  3. View information regarding your organization's cloud service API key. For the key, you can see:
    • Key: The API key string.
    • Last Modified By: The last admin to modify the key.
    • Last Modified On: The date and time the key was last modified.
  4. Edit the API key.
  5. Regenerate the API key.
  6. Delete the API key.
  7. Modify the table and its columns.
  8. Go to the OAuth 2.0 Authorization Servers or Sandbox API Token tab.

Related Articles
About Cloud Service API KeyManaging Cloud Service API KeyAbout Sandbox API TokenManaging Sandbox API Token Securing ZIA APIs with OAuth 2.0About OAuth 2.0 Authorization ServersManaging OAuth 2.0 Authorization ServersOAuth 2.0 Configuration Guide for OktaOAuth 2.0 Configuration Guide for Microsoft Entra ID