API Keys¶
The API key enables you to directly use HiddenLayer’s API endpoints to get the full AISec Platform experience. Once logged in, existing users can edit and create new API keys on the Admin > API Keys page.
Create API Key¶
- In the Console, go to Admin > API Keys.
-
Click + Create New API Key.
-
Enter a name for the API key, select an expiration, then click Next.
-
Select the permissions for each category, then click Create API Key. You can select a combination of Read, Write, and Delete permissions, or click All to allow all permissions for the selected category.
See the API Permissions and API Resources tables below for more information.
No Permissions Selected
Not selecting any permissions will create an API key with all permissions enabled.
-
A unique API key is generated. The
clientIDandclientSecretinformation is displayed. Click on the copy icon and save into a password manager or to a file in a secure location.Save the ID and Secret
It is important to save this information because you cannot retrieve it in the future.
-
After saving this information, click Close.
Expired API Key¶
When an API key is created, an expiration is set. When an API key expires, it is securely deleted and automatically removed from the Console.
Delete API Key¶
-
On the API Keys page, click the three vertical dots for the API key you want to delete.
-
Click Delete. A message displays, asking you to confirm deleting the key.
-
Click Delete.
When should I create a new API key?¶
API keys are highly secure assets and should be treated as such. Below are examples of when new API keys need to be created. This list is provided as examples based on best practices, and is not exhaustive. We recommend reviewing your own company policies around such requirements.
| Scenario | Description |
|---|---|
| Security Updates | Create a new API key if you suspect that the current key has been compromised or as part of regular security updates. Regularly rotating API keys is a good security practice. |
| New Team Members or Roles | If a new team member requires access or if there are changes in roles within the team, generating a new API key can help maintain proper access controls. |
| Project or Environment Changes | For different projects or development environments (like staging, production), it's advisable for you to use separate API keys. This helps in tracking and managing access more effectively. |
| After Key Expiration | If the API key has an expiration date, a new key must be created upon its expiry to maintain uninterrupted access to the platform. |
| Policy or Compliance Requirements | You may have organizational policies or compliance standards in place that dictate how often API keys should be rotated or renewed. |
| Lost API Key | API keys are not recoverable. If you forget or lose your API key you must create a new one. |
API Permissions¶
| Permission | Description |
|---|---|
| All | The ability to read, write, and delete items in the given category. |
| Delete | The ability to delete items in the given category. |
| Read | The ability read or view items in the given category. |
| Write | The ability to create or edit items in the given category. |
API Resources¶
| Category | Description |
|---|---|
| API Keys | The keys for interacting with the HiddenLayer API. |
| Detections | A Detection is a grouping of convictions, which are malicious events. |
| Inference | An Inference is the process where a model makes predictions or draws conclusions from new data. |
| Model Inventory | The Model Inventory is for model scans. |
| Model Scanner | The permissions for the Model Scanner CLI when deployed in Hybrid Mode. |
| Users | Users who have access to the HiddenLayer Console. |
API Permissions for Console Access¶
When creating an API key, users should only be given access to what is required (principle of least privilege). The following table contains the API permissions needed to perform certain tasks.
| Page | Action | API Permission |
|---|---|---|
| Model Inventory | View | Model Inventory: Read |
| Delete Model | Model Inventory: Delete | |
| Upload | Model Inventory: Write | |
| Community | Model Inventory: Write | |
| Model Details | View | Model Inventory: Read |
| Detections | List | Detections: Read |
| View Details | Detections: Read | |
| Add Note | Detections: Write | |
| Close Detection | Detections: Write | |
| Review Inferences (Model Details and AIDR) | View | Inferences: Read |
| Admin Settings - Users | View | Users: Read |
| Create User | Users: Write | |
| Edit User | Users: Write | |
| Delete User | Users: Delete | |
| Admin Settings - API Keys | View | API Keys: Read |
| Create API Key | API Keys: Write | |
| Delete API Key | API Keys: Delete |
API Permission Related to Products¶
Some HiddenLayer products require an API key and secret. The following table covers the API Permissions needed for a product deployment.
| Product | API Permission | Notes |
|---|---|---|
| Model Scanner CLI Hybrid Mode | - Model Inventory: Read, Write - Model Scanner: Write |
Permissions needed for Model Scanner CLI deployed in Hybrid Mode, including Community Scan. Hybrid Mode sends scan results to the AISec Platform. |