Manage access for apps and services

Apps and services, for example extractors and machine learning models, need a service account with an associated API key to interact with Cognite Data Fusion through the API or one of our SDKs.

For information about how to authenticate an application or service with CDF, see Authenticate an external application.

In this article:

Create a service account for an app or service

To create a service account:

  1. In the left hand bar, select Access Management.

  2. Select Service Accounts.

  3. Click Create new service account and enter a unique Name for the service account. The name should reflect the purpose of the service account. If the service account is for a user, we recommend that you use the user's email address as the name.

  4. Select the group(s) that have the capabilities you want to assign to the service account.

    We recommend that you give the service account the minimum capabilities it needs to perform its functions.

Assign groups to a service account

Generate an API key for a service account

An API key is a secret string that grants access to a project in Cognite Data Fusion. Each API key connects one service to one project. API keys should never be shared, except if you're creating one for someone who can't create their own.

To create an API key for a service account:

  1. In the left hand bar, select Access Management.

  2. Select Service Accounts.

  3. Select the service account and click Generate new key.

  4. Copy the generated API key and use a secure method to share the API key with the recipient, typically the programmer developing the service.

    Yopass and password manager tools like LastPass are examples of tools you can use to share the API key securely with the person or service you are creating it for.

Generate an API key for the service account

Last Updated: 11/29/2019, 9:56:27 AM