Skip to main content

Create and Manage API Credentials

This article provides information on how to generate Druva platform's REST API credentials so that you can fetch data from it.

Updated yesterday

Overview

Third-party applications and tools can use Druva REST APIs to fetch data. Our platform uses OAuth 2.0 based authentication to process requests from external services. You can generate a client ID-secret pair (called API credentials), on our platform, and then use these credentials to generate a temporary token. Then, use the temporary token to fetch data from our APIs.

As a Druva Cloud Administrator, you can:

  • Create and manage API credentials from the Druva Cloud Platform Console

  • Use these API credentials to integrate applications, tools, services, and scripts with Druva products

This article provides instructions to create and manage API credentials.

❗ Important

Only Druva Cloud Administrators can create and manage API credentials.

Manage API Credentials

  1. Go to Druva Cloud Platform Console Global Navigation > Integration Center.

  2. Choose API Credentials on the left panel.

You will the API Credentials page. You can perform the following actions over the API Credentials page:

Create new credentials

❗ Important

  • For integrating with Endpoints and Data Governance APIs, you must be a Druva Cloud Administrator.

  • For integrating with Hybrid Workloads or Cyber Resilience APIs, both, Druva Cloud Administrator and Product Administrator can perform the integration.

On the API Credentials page, perform the following steps to create new credentials:

  1. Click New Credentials. The New Credentials window appears.

  2. Provide a name for the credential.

    πŸ’‘ Tip

    For ease of recognizing the credential name, it is recommended to name the credential so that it matches the name of the application or tool that you intend to integrate with Druva products.

  3. To apply network restrictions, perform the steps provided in Apply network restrictions.

  4. To apply authorization restrictions, perform the steps provided in Apply authorization restrictions.

  5. Click Save. The Credential Details window appears.

  6. Click the copy icon to copy the generated Client ID and Secret Key to the clipboard.
    ​

    πŸ’‘ Tip

    Client ID and Secret Key are equivalent to user name and password. You can use all the Druva APIs and access your Druva data. You must not share Client ID and Secret Key with anyone who is not authorized.

    ❗ Important

    • Secret Key is required to authenticate third-party applications to generate the access token.

    • You need to generate a new Secret Key for the associated credential if you do not copy the Secret Key as per step 3.

    • API usage and activities can be tracked through audit trails. The audit trails display the API credential details, target APIs, and user details along with the time of usage.

Apply network restrictions

With the Network Restriction feature, you have an option to secure the usage of API credentials and access to your data via APIs. The Network Restriction feature restricts the API usage from a particular IP address or a range of IP addresses.

On the API Credentials page, perform the following steps to apply network restrictions:

  1. Click on the credential name for which you intend to apply network restrictions.

  2. Click Edit. The Edit Credentials window appears.

  3. Select the Enable Restrictions checkbox.

  4. In the IPs box, type the public IPs of your corporate network.
    You can specify the IP addresses in the following formats.

IP Address

Example

Single IP address

192.0.2.123

Range of IP address, separated by a hyphen (-).

192.0.2.1 - 192.0.3.254

Multiple ranges of IP address, separated by comma (,).

192.0.2.1 - 192.0.3.254, 192.0.7.1, 192.100.0.1 - 192.100.0.254

Apply authorization restrictions

With the Authorization Restriction feature, you have an option to apply role-based restrictions to API credential authorization.

As a result, administrators configuring applications with these API Credentials can only view the information based on the role assigned to these API Credentials.

On the API Credentials page, perform the following steps to apply the restriction to API credential authorization across inSync and Phoenix.​​​​

  1. Click on the credential name for which you intend to apply network restrictions.

  2. Click Edit. The Edit Credentials window appears.

  3. Select Druva Cloud Administrator, if you want only Druva Cloud Administrators to authorize the API credentials.

  4. Select Product Administrator to choose the applicable product administrator from inSync and Phoenix.

  5. Click Save.

Generate a new secret key

In case the Secret Key is lost, or stolen, or you failed to copy at the time of generating a New Credential, you must generate a new Secret Key.

❗ Important

  • If you generate a new secret key for the API credential that is currently in use, all the active tokens associated with the old Secret Key along with the old secret key will be revoked.

  • Druva will not authenticate subsequent requests using the old secret key and return an unauthorized exception as a response. Integrations using the old API credentials will fail unless they use the new secret key.

On the API Credentials page, perform the following steps to generate a new secret key:

  1. Click on the credential name for which you intend to generate a new secret key.

  2. Click the More options button and select Generate New Secret Key.

  3. On the confirmation window, click Continue to generate a new Secret Key.

  4. Copy the auto-generated Client ID and Secret Key to the clipboard.

Rename existing credentials

On the API Credentials page, perform the following steps to rename existing credentials:

  1. Click on the credential name that you intend to rename.

  2. Click the Edit button. The Edit Credentials window appears.

  3. Type a new name for the selected credential.

  4. Click Save.

Delete existing credentials

❗ Important

Deleting the credential will result in immediate termination of all the active tokens made through that credential. All subsequent calls using this credential will receive an unauthorized exception as the response.

On the API Credentials page, perform the following steps to delete credentials:

  1. Click on the credential name that you intend to delete.

  2. Click the More options button and click Delete Credential.

  3. On the confirmation window, click Delete to delete the credential.

Filters for API credentials list

API credentials filters help you to monitor role-specific API credentials and audit the Last access using the API credentials for the Role to uncover any security risks.

Considerations for Filters

Druva will show API credentials accessed before December 29, 2022, as Not available. Consider the following when you use the filters for the first time.

Date

Result

December 29th, 2022

Not available for all.

January 4th, 2023

API credentials accessed 7 days ago are displayed.

February 3rd, 2023

API credentials accessed 30 days ago are displayed.

March 6th , 2023

API credentials accessed 60 days ago are displayed.

Created new credentials after December 29, 2022

The new API credentials are listed as Never Accessed.

Applying Filters

Filters

Description

Role

Select the Role to filter the associated API credentials. For example, if you select Druva Cloud Administrator, all the API credentials associated with Druva Cloud Role are listed.

Modified By

The administrator who last modified the API credentials.

For example, if you select administrator A, all the API credentials modified by administrator A are listed.

Last Accessed Before

All the API credentials that were not accessed from the last specified days are listed.

For example, if you select 7 days, all the API credentials logins for the role that didn’t access in the last 7 days are listed.

You can select the duration:

  • Never Accessed

  • 7 days ago

  • 30 days ago

  • 60 days ago

Note: API credentials accessed before December 29, 2022, will be shown as Not available

API Integration Workflow

The following steps are involved to authenticate third-party applications and services to access Druva REST APIs:

  1. Generate Client ID and Secret Key from the Druva Cloud Platform Console. For more information, see Create and Manage API Credentials.


    ​ ❗ Important

    • Druva supports OAuth 2.0 Client Credentials Grant Type.

    • The Client ID and Secret Key have access to all the Scopes by default. Currently, Druva does not support any specific scopes.

  2. Authenticate the third-party application using the Client ID and Secret Key through OAuth 2.0 with Grant Type set to Client Credentials. For more information, see Authentication.

  3. A successful authentication generates an access token that is valid as follows:
    ​
    ​ For inSync and Druva Public Cloud: 30 minutes
    ​
    ​ For Druva Gov Cloud: 30 minutes
    ​
    ​ For inSync Gov Cloud: 15 minutes
    ​

  4. Every API call that is made to Druva APIs requires a valid access token.

  5. Upon successful authentication, Druva Cloud Platform Console provides the necessary information from applicable products, based on the nature of the API.

Security and authentication

Druva supports the OAuth 2.0 protocol of authentication and authorizations. OAuth is an open protocol for token-based authentication and authorization on the Internet. For more information on OAuth 2.0, see the OAuth website.

Related Keywords:globalapis.govdruva.com, globalapis.gov, globalapis., globalapis

Related Articles
How to use API Credentials with Druva Developers Hub
How to access DCP APIs using the Postman application
Integrate applications and services with Druva Products
Configure Druva inSync to Protect Groups Data
Druva inSync - FireEye Helix Integration
Did this answer your question?