Skip to main content

Generating an API Key

You can generate an API Key by logging in to Checkmarx One and generating a new API Key, as described below. Alternatively, an API Key can be generated using the Authentication API.

The roles (permissions) assigned to an API Key are inherited from the user who is logged in when the API key is generated. Therefore, make sure that you are logged in to an account with the appropriate permissions. The minimum required roles for running an end-to-end flow of scanning a project and viewing results are the out-of-the-box composite role ast-scanner as well as the IAM role default-roles. See Managing Roles


Whenever you update your Checkmarx One license (e.g., adding a new scanner) all existing API Keys become invalid. You will need to generate new API Keys to replace those that are used in your integrations and plugins.

Figure 1. 

GIF - How to generate an API Key

To Log in to Checkmarx One:

  1. Open the URL for your environment.

  2. Log in to your Checkmarx One account by entering your Tenant Account, Username and Password.


The roles (permissions) assigned to the API Key are inherited from the user account that generates the key. Therefore, make sure that you are logged in to an account with the appropriate.

To generate an API Key via Checkmarx One:

  1. Log in to the Checkmarx One web portal and select Identity_and_Access_MGMT.png Identity and Access Management in the main navigation.

    The IAM portal opens.

  2. In the main navigation, click API Keys, then click on the Create Key button.


    A new key is created with the permissions of the current user assigned to it.

  3. Copy the key and save it in a place where you will be able to retrieve it for future use.



Once you close the window, you will no longer be able to access this API Key.


You can obtain a curl for submitting the request for an access token, by clicking on Show details and copying the content.