Add a "Choosing an access level" section explaining read-only vs full
access for API keys, and update the creation steps to include choosing
an access level.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
src/pages/docs/octopus-rest-api/how-to-create-an-api-key.md
Lines changed: 20 additions & 2 deletions
@@ -1,7 +1,7 @@
1
1
---
2
2
layout: src/layouts/Default.astro
3
3
pubDate: 2023-01-01
4
-
modDate: 2025-05-12
4
+
modDate: 2025-06-18
5
5
title: How to Create an API Key
6
6
description: How to create an API key to interact with Octopus without the need for a username and password.
7
7
navOrder: 10
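Review bot: The `modDate` value in the front matter is bumped to 2025-06-18, but the text this commit adds further down refers to Octopus Server 2026.3, so a mid-2025 modification date looks stale or mistyped. Please confirm it matches the date this change is actually made and correct it if not.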
@@ -19,14 +19,32 @@ You can create API keys by performing the following steps:
19
19
20
20
1. Log into the Octopus Web Portal, click your profile image and select **Profile**.
21
21
1. Click **My API Keys**.
22
-
1. Click **New API key**, state the purpose of the API key and click **Generate new**.
22
+
1. Click **New API key**, state the purpose of the API key.
23
+
1. Choose the level of **Access** to grant (see below).
24
+
1. Click **Generate new**.
23
25
1. Copy the new API key to your clipboard.
24
26
25
27
:::div{.warning}
26
28
**Write Your Key Down**
27
29
After you generate an API key, it cannot be retrieved from the Octopus Web Portal again, we store only a one-way hash of the API key. If you want to use the API key again, you need to store it in a secure place such as a password manager. Read about [why we hash API keys](https://octopus.com/blog/hashing-api-keys).
28
30
:::
29
31
32
+
## Choosing an access level
33
+
34
+
:::div{.hint}
35
+
36
+
This feature is currently being rolled out to Octopus Cloud customers and will become available to self-hosted installations in Octopus Server 2026.3.
37
+
38
+
If you don't see the access option when creating an API key, the API key will be created with full access and have the same permissions as your user account.
39
+
40
+
:::
41
+
42
+
Recent versions of Octopus Server add the ability to limit the scope of an API key, to allow only read-only access. Alternatively, you can grant the API key full access to give it the same permissions as your user account. Use the **Preview Permissions** link to see the exact list of permissions that apply to the chosen access level.
43
+
44
+
Read-only scopes are useful for tooling that doesn't need to be able to make changes, perform actions or trigger deployments, such as AI agents (like Claude Code) or for external monitoring systems (like release progression dashboards).
45
+
46
+
Note that it is not possible to create an API key with more permissions than your user account. For these scenarios, you should look at creating an API key under a dedicated [Service Account](/docs/security/users-and-teams/service-accounts) instead. Use this approach for tooling that is not acting on behalf of a particular user.
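Review bot: The opening sentence of the new section, "Recent versions of Octopus Server add the ability to limit the scope of an API key", conflicts with the hint directly above it, which says the feature is still rolling out to Octopus Cloud and only reaches self-hosted installations in Octopus Server 2026.3. State the availability once, in version terms, so a reader on an older server does not assume a read-only option exists when, per the hint, their key is created with full access. The same paragraph and the next one switch between "access level", "scope" and "Read-only scopes" for what the UI step calls **Access**; pick one term so it is clear these are not separate settings. In the numbered steps, "(see below)" should be a link to the "Choosing an access level" heading, and "Click **New API key**, state the purpose of the API key." became a comma splice when the trailing clause was split off, so join the two actions with "and". In the last paragraph, "For these scenarios" has no scenario to refer back to; name it, for example tooling that needs permissions your own account does not have.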