Secure Internet and SaaS Access (ZIA)
Managing Cloud Service API Key
After your API subscription is enabled, your organization's cloud service API key is initially provisioned by Zscaler, enabled, and displayed within the Cloud Service API Key page along with the base URL. An organization can only have one API key for the cloud service API. To learn more, see Getting Started.
- If you need to obtain API keys or secrets to access Zscaler OneAPI endpoints, see API Client Authentication in ZIdentity.
- Admins have view access to the Cloud Service API Key page information within the Zscaler Cloud Connector Portal.
From this page, you can:
- Add a new API key
Your organization can only have one API key. You must delete the existing key before adding a new one.
To add a new cloud service API key:
- Go to Administration > Cloud Service API Security > Cloud Service API Key.
- On the Cloud Service API Key tab, make sure that you have deleted the existing key. After the key is removed, the Add Cloud Service API Key option becomes available.
- Click Add Cloud Service API Key.
- You can immediately start using the new API key displayed on the tab.
- Edit the API key
To edit the cloud service API key:
- Go to Administration > Cloud Service API Security > Cloud Service API Key.
On the Cloud Service API Key tab, click the Edit icon.
The Edit Cloud Service API Key window appears.
In the Edit Cloud Service API Key window, enter the New API Key. The new key must meet the following requirements:
- The new key must be alphanumeric (i.e., A-Z, a-z, 0-9) and exactly 12 characters in length.
- The new key cannot be the same as the current API Key.
Click Confirm.
After confirmation, the old API key is immediately invalidated.
- Regenerate the API key
To regenerate the cloud service API key:
- Go to Administration > Cloud Service API Security > Cloud Service API Key.
- On the Cloud Service API Key tab, click the Regenerate icon.
In the confirmation window that appears, click Ok.
After confirmation, a randomized key string is immediately generated and the old string is invalidated.
- Delete the API key
To delete the cloud service API key:
- Go to Administration > Cloud Service API Security > Cloud Service API Key.
- On the Cloud Service API Key tab, click the Delete icon.
In the confirmation window that appears, click Ok.
After confirmation, the key is immediately removed and invalidated.
Your cloud service API key can be disabled by Zscaler or your service provider. The key might be disabled if your organization exceeds the threshold number of API calls allowed or the code developed for your organization violates Zscaler's terms and conditions. If this occurs, the ability to add, regenerate, or delete the key is removed and a Disabled status appears. You must contact Zscaler Support or your service provider to re-enable the key.
If your API subscription expires you still have access to the Cloud Service API Key page, but you cannot make any modifications (i.e., you lose access to the POST and PUT actions within the API). Also, your existing API key is still valid but disabled. If this occurs, contact Zscaler Support. The API key is re-enabled after your subscription is renewed.