PagerDuty offers two APIs, which require API access keys:
- REST API: Allows third parties to interact with configuration data in your account.
- Events API: Allows you to add PagerDuty's advanced event and incident management functionality to any system that can make an outbound HTTP connection.
There are two types of REST API keys:
Both types of REST API keys are 20-character strings. They will produce an error if they’re used with an Events API call.
📘
REST API Availability
The REST API is available to all customers on current pricing plans. It is not available to some customers on legacy pricing plans.
🚧
Required User Permissions
Admins and Account Owners can create, disable, enable and delete general access REST API keys.
- In the web app, navigate to Integrations API Access Keys under Developer Tools.
- Click Create New API Key.
- Enter a Description to help you identify the key later.
- Optionally check Read-only API Key if you’d like the key to only make
GETcalls.
- Click Create Key.
🚧
API Key Storage
This will generate a unique API key. Store it in a secure location, as this is the only time the key is displayed in full. If you lose a key you will need to delete it and create a new one.
- Click Close.
The key will appear in the table of API Access keys below, along with some additional information: the description, when it was created, the API version, access level and whether it’s disabled (including who disabled the key and when).
Disable a REST API Access Key
Disable a REST API Access Key
Disabling a general access REST API key means that the key will no longer work with the REST API. However, this action does not delete the key and it can be re-enabled at a later time.
🚧
Required User Permissions
Admins and Account Owners can disable general access REST API keys.
- In the web app, navigate to Integrations API Access Keys.
- In the table of API access keys, select Disable next to the key you’d like to disable.
- Confirm your selection in the browser alert.
Enable a REST API Access Key
Enable a REST API Access Key
- In the web app, navigate to Integrations API Access Keys.
- In the table of API access keys, select Enable next to the key you’d like to enable.
Delete a REST API Access Key
Delete a REST API Access Key
Deleting a general access REST API key removes the key from your account. This is an irreversible action and a deleted key cannot be recovered. The Account Owner and users with an Admin or Global Admin user role can delete general access REST API keys.
- In the web app, navigate to Integrations API Access Keys.
- In the table of API access keys, select Remove next to the key you’d like to delete.
- Confirm your selection in the browser alert.
Generate a User Token REST API Key
Generate a User Token REST API Key
🚧
Requirements
If your account has Advanced Permissions, users can create personal REST API keys. Requests made using personal REST API keys are restricted to the user's permissions. Any client request for an operation that the user is not permitted to perform will result in a
403 Forbiddenresponse.
- In the web app, navigate to User Icon My Profile User Settings.
- In the section API Access, click Create API User Token.
- Enter a Description to help you identify the key later.
- Click Create Key.
🚧
API Key Storage
This will generate a unique API key. Store it in a secure location, as this is the only time the key is displayed in full. If you lose a key you will need to delete it and create a new one.
- Click Close.
The key will appear in the table below, along with some additional information: when it was created, last used, and the API version.
Delete a User Token REST API Key
Delete a User Token REST API Key
Deleting a personal REST API access key removes the key from the user’s account. This is an irreversible action and a deleted key cannot be recovered.
🚧
Required User Permissions
Any user may delete their own keys. Account Owners and Admins can delete other users’ personal access keys, so long as the other user is not the Account Owner, an Admin or Global Admin.
- In the web app, navigate to User Icon My Profile User Settings.
- In the section API Access, click Remove next to the key you’d like to delete.
- Confirm your selection in the browser alert.
In addition to General Access REST API Keys and User Token REST API Keys, you can generate scoped tokens, which offer more granular control over the objects that users and apps can access. Please read our dev docs Register an App for more information.
Rate Limits
Rate Limits
In order to ensure fair access to REST API resources, PagerDuty enforces rate limits. Please read REST API Rate Limits for more information.
🚧
Requirements
The Events API is available to all customers, and any user with a Manager role or above can generate an integration key.
API keys for the Events API are 32-character strings. They are associated with service-level integrations, and are listed on a service’s Integrations tab. Read more about configuring integration keys for the Events API in our Services and Integrations article.
Event Orchestration, which allows you to centralize event processing, also makes use of integration keys for the Events API.
Updated about 2 months ago
I'm a specialist with in-depth knowledge of API management and configuration, particularly in the context of PagerDuty. My expertise includes understanding the nuances of PagerDuty's REST API and Events API, as well as the various types of API keys involved.
Now, let's delve into the concepts mentioned in the article about PagerDuty's APIs and API keys:
-
PagerDuty APIs:
-
REST API:
- Purpose: Allows third parties to interact with configuration data in your PagerDuty account.
- Types of Keys: General Access REST API Keys and User Token REST API Keys (both 20-character strings).
- Availability: Accessible to all customers on current pricing plans, but not available to some on legacy plans.
-
Events API:
- Purpose: Integrates PagerDuty's advanced event and incident management functionality into any system with outbound HTTP capability.
- Key Type: Events API keys (32-character strings) associated with service-level integrations.
- Availability: Open to all customers; users with a Manager role or above can generate integration keys.
-
-
REST API Keys:
- Types:
- General Access REST API Keys
- User Token REST API Keys
- Creation and Management:
- Admins and Account Owners can create, disable, enable, and delete General Access REST API Keys.
- Creation Process: Navigate to Integrations > API Access Keys, provide a description, and generate the key.
- Storage: Securely store the key, as it's only displayed once during creation.
- Disabling: Admins and Account Owners can disable keys, rendering them inactive but not deleting them.
- Enabling: Admins and Account Owners can re-enable disabled keys.
- Deletion: Account Owners and Admins can permanently delete General Access REST API Keys.
- Types:
-
User Token REST API Keys:
- Creation and Management:
- Users with Advanced Permissions can create personal REST API keys with restricted permissions.
- Creation Process: Navigate to User Settings > API Access, provide a description, and generate the key.
- Deletion: Users can delete their own keys, while Account Owners and Admins can delete others' keys.
- Creation and Management:
-
Scoped Tokens:
- Purpose:
- Offer more granular control over the objects that users and apps can access.
- Purpose:
-
Rate Limits:
- Enforcement:
- PagerDuty enforces rate limits on REST API resources to ensure fair access.
- Enforcement:
-
Events API Keys:
- Requirements:
- Available to all customers.
- Users with a Manager role or above can generate integration keys.
- Keys are 32-character strings associated with service-level integrations.
- Requirements:
This comprehensive overview covers the essential aspects of PagerDuty's APIs, API key management, and related considerations. If you have any specific questions or need further clarification on any of these topics, feel free to ask.
