Creating an API Key

To get started integrating the CORL portal with your GRC solution, create a custom API key.

The CORL portal uses a combination of a client secret (an API key) and a bearer token to allow access.  The expectation is:

1. Client generates API key(s) from the Client portal and stores the keys in their GRC application.
2. Use the API key as an input to the authorization API which returns a JSON web token (jwt) token (token has a fixed period of validity).
3. Use the jwt token in the header of API requests.
4. Refresh the jwt token either (a) proactively before it expires or (b) when the system returns an error message.

Topics in this article include:

• Create a new API Key
• Change the API Key Name
• Delete the API Key

Create a new API Key

1. Navigate to the Developer Portal. For more information, see GRC Integration Overview.
2. Click API Key Manager. 
3. Click Create New API Key.
4. Specify an API Key Name. Note: the name is not used for anything by the CORL system.
5. Click Create.

6. Click the Actions button.
7. Copy the API Key value from the CORL portal to your application.

Back to Top

Change the API Key Name

1. Navigate to the API Key Manager. 
2. Locate the API Key and click the Actions button.
3. Change the API Key Name.
4. Click Save API Key Details.

Back to Top

Delete the API Key

1. Navigate to the API Key Manager. 
2. Click the Actions button.
3. Click Deactivate API Key. 
4. The CORL Portal marks the key as Inactive. Tip: You can reactivate the key.

Back to Top