Key Management

Last updated: 2020-09-10 15:23:05

    Overview

    This document describes how to manage keys in the API Gateway console.

    • Creating a key: you can create a key using the auto-generate key or the custom secret key method. A successfully created key must be bound to an API using a usage plan so that the key can be used as a credential for accessing the API.
    • Disabling/enabling a key: after a key is disabled, the API Gateway rejects all requests with signatures generated by using the key. After the key is enabled again, the API Gateway can properly process requests with signatures generated by using the key.
    • Changing a key: you can reset the SecretKey of a key while the secret key name and SecretId remain unchanged.
    • Deleting a key: you can delete a key in the Disabled state. A key in the In Use state cannot be deleted.

    Directions

    Auto-generating a key

    1. Log in to the API Gateway console.
    2. In the left sidebar, click Key to go to the key list page.
    3. Click Create to open the Create Key dialog box.
    4. Set Secret Key Type to Auto-generate key and enter a secret key name.
    5. Click Submit to auto-generate a key.

    Creating a custom key

    1. Log in to the API Gateway console.
    2. In the left sidebar, click Key to go to the key list page.
    3. Click Create to open the Create Key dialog box.
    4. Set Secret Key Type to Custom Secret Key and enter a secret key name, SecretId, and SecretKey.
    5. Click Submit to create a custom key.

    Disabling a key

    1. Log in to the API Gateway console.
    2. In the left sidebar, click Key to go to the key list page.
    3. Locate the target key in the In Use state and click Disable.
    4. In the pop-up confirmation dialog box, click Confirm to disable the key. After that, the status of the key changes to Disabled.

    Enabling a key

    1. Log in to the API Gateway console.
    2. In the left sidebar, click Key to go to the key list page.
    3. Locate the target key in the Disabled state and click Enable.
    4. In the pop-up confirmation dialog box, click Confirm to enable the key. After that, the status of the key will change to In Use.

    Changing a key

    1. Log in to the API Gateway console.
    2. In the left sidebar, click Key to go to the key list page.
    3. Locate the target key in the In Use state and click Change.
    4. In the pop-up confirmation dialog box, click Confirm to change the key; that is, to reset the SecretKey of the key.

    Deleting a key

    1. Log in to the API Gateway console.
    2. In the left sidebar, click Key to go to the key list page.
    3. Locate the target key in the Disabled state and click Delete.
    4. In the pop-up confirmation dialog box, click Confirm to delete the key.

    Notes

    • A key in the Disabled state cannot be changed or bound to a usage plan. To perform these operations, enable the key first.
    • A key in the In Use state cannot be deleted. To delete the key, disable it first.
    • The SecretId of a custom key is unique across all regions. If you fail to create a custom key, change the SecretId and try again.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help