Skip to main content

Service Users

A Service User is a CertCentral identity that is used just for API access. It isn’t a person and isn’t linked to an individual CertCentral user account.

Because a Service User isn’t tied to one person, you don’t need to replace its API key when a developer, administrator, or integration owner changes roles, transfers departments, retires, or leaves the company. The API key remains active until you delete the Service User or deactivate or revoke the API key.

You can create multiple Service Users for your account. You can also create multiple API keys for a single Service User.

Before you begin

You must be a CertCentral administrator to create Service Users.

Important

After you generate the API key for the Service User, CertCentral displays the key one time. After you close the API key window, you can’t retrieve the key again. If you lose the key, you should revoke it and generate a new one.

Service User permissions

When you create a Service User, its API key inherits your administrator permissions by default. This means the API key may be able to perform many of the same account actions you can.

To control what the API key can do, select an API key restriction when you create the Service User. After the Service User is created, you can update its API key restrictions as needed.

Audit logging

Service User creation is recorded in your CertCentral audit logs. Each entry includes the date and time, user, activity, source, IP address, division, and country.

Create a service user

  1. In CertCentral, in the left menu, go to Automation > API Keys.

  2. On the API Keys page, select Add API Key.

  3. In the Add API Key window, enter a Description for the new key.

  4. In the User menu, select Create new service user.

  5. In the First Name and Last Name fields, replace the default Service and User values or leave them unchanged.

  6. In the Email address field, enter the email to associate with the Service User.

  7. In the Division restrictions menu, select the divisions to which you want to restrict the Service User, if needed.

    This option appears if your use division in your account.

  8. In the API key restrictions (optional) menu, select a key restriction to limit the API key’s permissions, if needed.

  9. Select Add API Key.

  10. In the New API Key window, select copy to copy an API key.

    If you created multiple API keys, select Download CSV to download a CSV file containing all the API keys.

  11. Save the API keys in a secure location.

    Warning

    CertCentral displays the API keys one time. After you select, I understand I will not see this again, you can't access the API keys again.

  12. After saving the API keys, select I understand I will not see this again.

For the full set of API key options, see Generate an API key.

What's next

You can now use the Service User’s API key to integrate the CertCentral Services API with your environment.

The Service User and its API keys are added to the API Keys page. On this page, you can view Service User and account user API keys, update API key permissions, deactivate API keys, or revoke API keys.

The Service User is also added to the Service users page. On this page, you can view Service Users and update the Service User's first and last name, and associated email address.

To access the Service users page, go to Accounts > Service Users.