API Keys

API keys authorize server-to-server access for approved integrators. Manage them from Settings > API Keys in the CSCS AOS portal, and store active keys only in backend systems or secret managers.
Secret keys are shown only once after generation or regeneration. Copy the new value immediately, store it securely, and do not share it in tickets, chat, email, browser code, or mobile apps.

API key dashboard

The API Keys screen shows whether your current key is active and gives the metadata needed for operational checks.

API Keys are Active

Confirms that the current key can be used for protected operational requests.

First Generated

Shows when the active key was first issued for the business account.

Last Rotated

Shows the most recent key regeneration time, which helps confirm rollout timing.

Generated By

Shows the role or user context that generated the current active key.
Use this screen when confirming production readiness, checking whether a key was recently rotated, or validating that the active key belongs to the expected business account.

Rotate a key

Rotate from the portal when a key is exposed, stale, shared too widely, or due for scheduled replacement.
1

Open API Keys

Go to Settings > API Keys and confirm the page shows the current key as active.
2

Select Regenerate Keys

Use the Regenerate Keys action on the API Keys screen. Regeneration creates a new secret key and invalidates the previous key.
3

Copy the new secret

In the New API Key Generated window, copy the secret key before closing the window. The plain-text secret will not be shown again.
4

Store and confirm

Save the key in your secret manager, update dependent services, and then confirm that you have stored it securely.

Rotation checklist

StageAction
Before rotationIdentify every service, job, and environment that uses the current key.
During rotationRegenerate from the portal, copy the one-time secret, and update secrets in the same release window.
After rotationRestart or redeploy dependent services, then monitor authentication failures and failed operational calls.
Only rotate keys from a controlled environment with the right operational owner present. If a rotation is accidental or a new key is lost before storage, regenerate again and update dependent systems with the newest key.