Work with API Keys

Note

This feature is currently in alpha. If you want to try it out, submit a ticket to the support team.

API keys are JSON Web Tokens (JWTs) issued and managed in StreamNative Cloud Console via APIs. It allows you to create long-lived tokens and revoke them. These API keys are associated with the service account and the organization/instance from which you create them.

With this feature, you can:

  • create and use API keys to connect clients to your Pulsar clusters.
  • manage all keys associated with an organization, including revocation.

Prerequisites

Ensure your Pulsar cluster has been upgraded to the following minimum versions:

  • 2.9.5.2
  • 2.10.4.4
  • 3.0.0.3

Create an API key

To create an API key for a specific service account in StreamNative Cloud Console, follow these steps.

  1. On the left navigation pane, click Service Accounts.

  2. On the Service Accounts page, select a specific service account.

    Tip

    You can also click New on the top-right corner and select Create API Key to create the API key for any service account.

  3. On the API Key page of this service account, click New API Key.

  4. Specify the required attributes for the API key.

    FieldDescription
    NameThe name of the API key.
    Expiration dateBy default, each API key expires in 30 days. If you want it to be long-lived, you can select No expiration date.
    Service AccountThe service account you want to associate the API key with. The one selected in step 2 is auto-populated.
    InstanceThe instance where the API key applies (it won't work for other instances).
    Description (optional)The descriptive text to introduce the API key.
  5. Click Confirm.

  6. Click Copy and close to copy the generated API key and save it in a safe location for future use.

    Warning

    Make sure the generated API key is securely saved since you won't be able to see it again after closing this window.

Use an API key

After creating an API key in StreamNative Cloud Console, you can use it to connect clients through JWT authentication.

For more examples of configuring Pulsar clients using JWT authentication, see Pulsar documentation.

Revoke an API key

To revoke an API key for a specific service account in StreamNative Cloud Console, follow these steps.

  1. On the left navigation pane, click Service Accounts.

  2. On the Service Accounts page, select a specific service account.

  3. On the API Key page of this service account, click the Ellipsis (...) icon in the row of the API key that you want to revoke, and select Revoke.

  4. Type the API key’s name to confirm and then click Revoke.

What's expected after a revocation?

  • Revoked API keys will be removed from their service accounts in 15 days.
  • If an API key gets revoked when being used by Kafka clients, the connection will stay alive. For Pulsar clients, the connection will be terminated in 1 minute.
Previous
Coming Soon