Downloading API key usage
Monitor your team's security by exporting a comprehensive report of all active and historical API keys, including creator details and last-used timestamps.
API keys provide programmatic access to your Celonis environment. To maintain a secure "least-privilege" ecosystem, administrators must regularly audit these keys to identify:
Stale keys: Identifying keys that haven't been used recently and can be safely deleted. If a key hasn't been used in 30+ days, it should be revoked immediately to reduce the attack surface.
Accountability: Mapping every key to a specific creator for better oversight. We suggest using dedicated service accounts for long-running integrations rather than individual user API keys.
Security gaps: Ensuring keys are only being used by the intended users or services.
Downloading your API key report
To download the API Keys related data report:
Click Admin & Settings
Scroll down to the API key sections.
Click Download.
The report is downloaded as
api-keys.csv.
Report fields
When downloading your report, the following fields are available:
Key Name/ID: The identifier for the specific API connection.
Creator: The user who generated the key (crucial for accountability).
Created At: When the key was first issued.
Last Used: The most critical field for identifying "stale" keys. If this field is empty, the key might have been created but never actually utilized in a request