Access Key Management
Overview
Access keys are similar to API keys — they let administrators authenticate into an application using the Descope authentication service. Access keys can be exchanged for a session JWT. The Access Key Management APIs provide endpoints for managing these keys.
Use Cases
- Load an Access Key
- Search Access Keys
- Create Access Key
- Update Access Key
- Activate Access Key
- Deactivate Access Key
- Activate Access Keys in Batch
- Deactivate Access Keys in Batch
- Delete Access Keys in Batch
- Delete Access Key
Examples
Example - create an access key and exchange it for a JWT
- Call the Create Access Key endpoint and capture the generated key from the
cleartextfield in the response. - Pass the key to the Exchange Access Key endpoint to exchange it for a JWT.
Example - search and deactivate an access key
- Call the Search Access Keys endpoint to find the key you want to deactivate.
- Call the Deactivate Access Key endpoint using the access key ID from step 1.
Import User Passkeys POST
Import passkey credentials for a user, using a valid management key.
Load An Access Key GET
### Load an access key, using a valid management key. This API endpoint allows administrators to load the details of an existing access key. The response contains details of the access key including associated roles and tenants as well as details of the key's creation, status, and expiration. ### Next Steps Once you have this data, you can utilize the response to [Update an access key](/api/management/access-keys/update-access-key), [Activate an access key](/api/management/access-keys/activate-access-key), [Deactivate an access key](/api/management/access-keys/deactivate-access-key), or [Delete an access key](/api/management/access-keys/delete-access-key). ### See also - See [Access Key Management](/access-keys) for further details on managing access keys.