Generating API Keys for the Cato API

This article explains how to generate an API key for the read-only and the write Cato APIs.

Overview of Cato API Keys

The API Keys Management screen lets you generate API keys in the Cato Management Application that are used to authenticate to the Cato API server. Enter the API key in an API client (such as Postman or Altair) or in a script so that its API calls can authenticate to Cato.

Cato supports two types of API calls:

  • View permissions - Perform read-only API calls to retrieve data for your account

  • Edit permissions - Perform write API calls to make changes to your account

Make sure that you copy the API key from the pop-up window. Once you close the pop-up window, you can't access the key again.

Managing API Keys

The API Keys Management screen shows you the API keys for your account. You can use this screen to generate and revoke API keys. The Name for the API key is only used to identify each key and isn't used as part of the authentication process.


Generating an API Key

Generate the key for the Cato API and then paste it in the API client or script.

To generate an API key:

  1. In the navigation menu, click Administration > API & Integrations.

  2. On the API Keys tab, click New. The Create API Key panel opens.

  3. Enter a Key Name.

  4. Select the API Permission for this key.

  5. (Optional) Select a date that the API key Expires at.

    For API keys with Edit permissions, we recommend setting a date that the API key will Expire at.

  6. (Optional) For additional security, in Allow access from IPs, select Specific IP list, and define the IP addresses that are allowed to use this API key.

    The default setting is to allow this API key for Any IP address.

  7. Click Apply. The API key is added and a pop-up window containing the new API key is displayed.

  8. Click Copy to copy the API key that is generated by the Cato Management Application, and save it to a secure location.

    Once you close this window, you can't access the value for the API key.

  9. Click OK to close the pop-up window.
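
An added example, not from Cato's documentation: a Python check over a hand-kept inventory of API keys that flags the settings this procedure treats as weaker, namely Edit keys with no expiry date, keys left on Any IP, and allow-list entries that are not single IP addresses (the only form the staff reply in the comments says is accepted). The CSV columns, key names and addresses are constructed for illustration and are not a Cato export format.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed inventory kept by hand; column names are assumptions,
# not a Cato export format. Addresses are documentation ranges.
SAMPLE_INVENTORY = """\
name,permission,expires,allowed_ips
grafana-read,View,,203.0.113.5
terraform-ci,Edit,2030-01-31,203.0.113.10;203.0.113.11
legacy-script,Edit,,Any
backup-job,Edit,2024-06-30,198.51.100.0/24
"""


def check_ips(field):
    """Return findings for the 'Allow access from IPs' value of one key."""
    if field.strip().lower() == "any":
        return ["usable from Any IP (the default)"]
    issues = []
    for entry in filter(None, (e.strip() for e in field.split(";"))):
        try:
            ipaddress.ip_address(entry)  # accepts single addresses only
        except ValueError:
            issues.append(f"'{entry}' is not a single IP address")
    return issues


def audit_keys(inventory_csv, today):
    """Map key name -> findings for rows that miss the article's guidance."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = check_ips(row["allowed_ips"])
        expires = row["expires"].strip()
        if not expires and row["permission"].strip().lower() == "edit":
            issues.append("Edit key has no expiry date")
        elif expires and date.fromisoformat(expires) < today:
            issues.append("expiry date has passed")
        if issues:
            report[row["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit_keys(SAMPLE_INVENTORY, date(2025, 1, 1)).items():
        print(f"{name}: " + "; ".join(issues))
```

The inventory records key names and settings only; the key values themselves stay in the secure location from step 8.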

Revoking an API Key

You can revoke the API key and remove it from the Cato Management Application. Once revoked, the key can't be used to authenticate to the API server.

To revoke an API key:

  1. In the navigation menu, click Administration > API & Integrations.

  2. In the row with the API key, click Delete.

  3. In the confirmation window, click Delete. The API key is revoked and removed from your account.



  • Comment author
    Yaakov Simon

    Added information about API keys for the Cato Configuration API.

  • Comment author

    It would be better if we could configure IPs using specific Subnet in “Allow access from IPs”

  • Comment author
    Rafael Escobar

    Is it not possible at this time to add a range / subnet of IPs to whitelist for those cloud applications?

  • Comment author
    Yaakov Simon

    nazmul.hossain and Rafael Escobar, excellent suggestions. Currently you can only define single IPs, but I let Product Management know about the recommended enhancement. Thanks!
