NerdGraph tutorial: Manage API keys
This doc contains tutorials on how to useNerdGraph to programmatically manage some New Relic API keys: the license key, the browser key, and the. For general information about our keys, seeAPI keys.
Overview of feature description
You can use theAPI keys UI to create and manage keys. Alternatively, you can useNerdGraph'sApiAccess field to programmatically create and manage the following types of keys:
User keys, required for using NerdGraph
Data ingest keys, including:
- The: required for the ingest of most data to New Relic, except for data and data
- Browser key: required for the ingest of browser monitoring data
One common use case for this feature is the ability to rotate keys for security purposes. Note that you can't use this NerdGraph functionality to delete the license key or browser key that was originally created with an account; those original keys can't be deleted. You can only create additional license keys and manage the ones you've created.
Notes about this functionality:
- All mutations can accept multiple keys as arguments, and will return details about successful changes and errors. See examples below for details.
- All mutations (create, update and delete) will result in an
NrAuditEventthat can be queried for auditing purposes. For details, seeAudit events. - Regarding ingest keys:
- License and Browser keys are categorized by NerdGraph asingest keys. This is because their main use is to allow data ingest.
- You can create up to 1,000 keys of each ingest key type, which allows for key rotation.
- You can't manage or delete original account ingest keys but you can contact New Relic support to rotate these; you can only create additional ingest or user keys and manage keys you've created.
Before using examples
Things to note before using these example queries:
- To understand the data structure, we recommend experimenting with queries using theGraphiQL explorer.
- You can alsocreate, view, and delete user keys using the UI.
Create keys
Tip
You can find and generate user keys using theNerdGraph GraphQL explorer, at the top of that interface.
To create multiple keys (user key or ingest key) in a single mutation, for multiple accounts and key types. Note that the mutation can return successfully created keys as well as any errors encountered trying to create keys.
Example of creating a key:
mutation{apiAccessCreateKeys(keys:{ingest:{accountId:YOUR_ACCOUNT_IDingestType:BROWSERname:"Browser Key"notes:"A note."}}){createdKeys{idkeynamenotestype...onApiAccessIngestKey{ingestType}}errors{messagetype...onApiAccessIngestKeyError{accountIderrorTypeingestType}}}}Results will vary depending on your data. Use theGraphiQL explorer to experiment with mutations and queries.
Here's an example of using this query to create auser key:
Update keys
The update mutation takes the key ID, not the key string, to identify keys.
mutation{apiAccessUpdateKeys(keys:{ingest:{keyId:KEY_ID,name:"Updated name",notes:"A new note!"}}){updatedKeys{idkeytypenamenotes}errors{message}}}Results will vary depending on your data. Use theGraphiQL explorer to experiment with mutations and queries.
Delete keys
The delete mutation takes the key ID, not the key string, to identify keys. Deleted keys will no longer grant access to New Relic systems and will no longer be returned by queries to the API access GraphQL API.
mutation{apiAccessDeleteKeys(keys:{ingestKeyIds:INGEST_KEY_ID}){deletedKeys{id}errors{message}}}Results will vary depending on your data. Use theGraphiQL explorer to experiment with mutations and queries.
Query keys
You can access ingest and user keys by querying a single key or all keys, scoped to theactor. If querying for a single key, you must provide the key ID and type (INGEST orUSER). Querying for multiple keys is done via a key search, which uses a mandatory types list and an optional scope to filter results. User keys belonging to other users will be obfuscated in the results.
Single key example query:
query{actor{apiAccess{key(id:"INGEST_KEY_ID",keyType:INGEST){keynametype...onApiAccessIngestKey{ingestType}}}}}Key search example query:
query{actor{apiAccess{keySearch(query:{types:INGEST,scope:{ingestTypes:BROWSER}}){keys{namekeytype...onApiAccessIngestKey{ingestType}}}}}}Results will vary depending on your data. Use theGraphiQL explorer to experiment with mutations and queries.
On this page
Was this doc helpful?