1fj3q (1fj3q) asked a question.
API keys
I have more than one API keys created under an account and want to get stats on each API key usage. Is there a way to get the Stats from the Syslog as to how many times API Key was used?
1fj3q likes this.
- t529b (t529b)
API tokens don't show up in the system log, just the name of the account used to generate them. And you wouldn't want the tokens to be logged where others might see them. The only way to keep track of individual token usage would be to create a new account each time you need a token, and only generate one token per account, then you could track their usage by account names.
It might be nice to have the ability to assign a label to a token when it's created, and then include token labels in the system log whenever they're used, if that's possible. That would allow for tracking of multiple tokens per account, which seems more efficient.
Personally, I prefer the one token per account system, so I can modify the permissions on one without affecting the others.
Expand Post - sergiu.Costea1.5343792916171697E12 (Vendor Management)
Hi Sandeep,
Thank you for posting your question.
As Mike Koch confirmed, API tokens can't be found in your Okta syslogs but the actor / account associated with the API token information can be retrieved.
Examples will be service accounts used to run API calls to create users , create groups or connected with your on-prem directory such as AD or LDAP.
As per Mike Koch response, "It might be nice to have the ability to assign a label to a token when it's created, and then include token labels in the system log whenever they're used, if that's possible. That would allow for tracking of multiple tokens per account, which seems more efficient. " , that sounds like an interesting feature that can be created by our engineering team.
I would recommend to submit a feature request too by clicking the "help and training" link in your admin console, going to community and clicking the "ideas" tab there. This area is regularly monitored by our Product Management team and if they find the feature request is popular, they might consider it as part of the product roadmap. Also other Admins might find it useful and upvote it which greatly improves the time response.
Please find more information regarding API tokens in the below KB:
https://developer.okta.com/docs/api/resources/tokens/
https://help.okta.com/en/prod/Content/Topics/Security/API.htm
If you'll have any questions or require assistance, please contact Okta Support.
Kind regards,
Sergiu Costea
Technical Support Engineer
Okta Global Customer Care
Expand Post
This question is closed.
API tokens don't show up in the system log, just the name of the account used to generate them. And you wouldn't want the tokens to be logged where others might see them. The only way to keep track of individual token usage would be to create a new account each time you need a token, and only generate one token per account, then you could track their usage by account names.
It might be nice to have the ability to assign a label to a token when it's created, and then include token labels in the system log whenever they're used, if that's possible. That would allow for tracking of multiple tokens per account, which seems more efficient.
Personally, I prefer the one token per account system, so I can modify the permissions on one without affecting the others.