About the Service API key

The Service API key provides privileged access to the Data Product Hub instance and assets. It is critical and sensitive and thus requires proper protection. Regular rotation of the Service API key according to your organization's security policies is one way to provide secure operations and to protect your data products from unauthorized use. Security best practices recommend regular rotation of the Service API key.

About the functional admin user

When first initialized, Data Product Hub automatically creates a Service ID with the name data-product-admin-service-ID-<catalog_id>. This Service ID serves as the functional admin user for Data Product Hub. The functional admin user is a user ID with global rights to read asset information, connect to data sources, and run jobs within Data Product Hub for delivering data products. This user ID is an IBM Cloud Service ID. You can view the Service IDs for your account at Service IDs.

Rotating an API key

Required roles

IAM Platform role: Admin or Account owner

Data Product Hub collaborator role: Admin

When Data Product Hub is initialized, a Service API key is created. This key is stored on IBM Cloud and authorizes runtime operations for Data Product Hub. Periodically, you must generate a new Service API key. The API key might become stale or invalid, or your security policies require that you periodically rotate keys. A typical security policy suggests that you rotate API keys every 30 to 60 days.

To rotate a key:

1. Navigate to Configurations and settings > Service API key.
2. Click Rotate.

A new key is created to replace the current key. The old key is removed and is not available for use. Account owners and administrators can view the Service API key on IBM Cloud by accessing Manage > Access(IAM) > API keys.

Learn more

Understanding API keys

Parent topic: General administration for Data Product Hub