Skip to main content

Celonis Product Documentation

Application Keys

Application Keys are user-independent API keys. They can be created by Team Admins in the Admin and Settings. Granular permissions can be assigned to applications to control the scope of functionality for individual applications. They can be used to extract Audit Logs

Application Keys

Application keys are user-independent API keys that can be created by Team Admins in the Admin and Settings. After an application has been created, permissions can be assigned to this application the same way as you would for normal users.

Creation of Application Keys

20873358.png

In order to create application keys, you need a Team Admin status.

Go to Admin and Settings → Applications and click on the button "New Application Key".

20873359.png

You will be prompted to enter a name for the application and click Save.

After this, the Application Key will be generated and you will need to copy it.

20873360.png

Once you have created the application, you will be able to administrate it in the Admin and Settings and rename, delete it and export its permissions

How to assign permissions to an application

After the application is created, you will be able to assign permissions to this application the same way you can assign permissions to individual users or groups.

Guide on how to extract Audit Logs via API can be found HERE

Authentication via an Application Key

Note

It is recommended to use Application keys instead of user API keys whenever possible because Application permissions can be explicitly controlled whereas a client authenticated via a user API key will inherit all permissions of the owning user.

If you choose to use a user API key instead, please follow the instructions for authentication via a user API key found below.

This section describes how to authenticate a client (third-party program) against the EMS using an Application Key:

  1. Create a new Application in the team settings (e.g. https://<customer>.<realm>.celonis.cloud/ui/team/applications).

  2. Save the key shown in the modal. Note that you won't be able to retrieve the key at a later point.

  3. Assign the required permissions for your Application in the team permissions settings (e.g. https://<customer>.<realm>.celonis.cloud/ui/team/permissions)

  4. Send the following header when issuing API requests against the Celonis EMS:

    Authorization: AppKey <your Application key>

If you choose to use auser API keyinstead, please send the following header when issuing API requests against the Celonis EMS:

Authorization: Bearer <your API key>