Skip to main content

Creating an API Key for Checkmarx One Integrations

You can generate an API Key by logging in to Checkmarx One and generating a new API Key, as described below. Alternatively, an API Key can be generated using the Authentication API.

The roles (permissions) assigned to an API Key are inherited from the user who is logged in when the API key is generated. Therefore, make sure that you are logged in to an account with the appropriate permissions. The minimum required roles for running an end-to-end flow of scanning a project and viewing results are the out-of-the-box composite role ast-scanner as well as the IAM role default-roles. See Managing Roles


Whenever you update your Checkmarx One license (e.g., adding a new scanner) all existing API Keys become invalid. You will need to generate new API Keys to replace those that are used in your integrations and plugins.

To Log in to Checkmarx One:

  1. Open the URL for your environment.

  2. Log in to your Checkmarx One account by entering your Tenant Account, Username and Password.


The roles (permissions) assigned to the API Key are inherited from the user account that generates the key. Therefore, make sure that you are logged in to an account with the appropriate.

Generating an API Key

Figure 1. 

GIF - How to generate an API Key

To generate an API Key:

  1. Log in to the Checkmarx One web portal and select Settings Settings.png > Identity and Access Management in the main navigation.

    The IAM portal opens.

  2. In the main navigation, click API Keys, then click on the Create Key button.


    The API Key configuration window opens.

  3. You can optionally adjust the configuration as follows:

    • Note - Add a descriptive note to the API Key.

    • Expiration period - Adjust the period of time until the key expires. The value can be from 30 to 365 days.


      If an administrator set the default expiration period to be "enforced", then this field will be locked.

    • Notification emails - Enter emails of each recipient who you would like to receive notifications regarding expiration of the key. After entering each email, click Add. By default the email of the current user is included.

  4. Click Create.

    The API Key is created and a window opens showing the key.

  5. Copy the key and save it in a place where you will be able to retrieve it for future use.


Once you close the window, you will no longer be able to access this API Key.


You can obtain a curl for submitting the request for an access token, by clicking on Show details and copying the content.