# Admin REST API

## Overview

The Keeper Admin REST API allows business customers to generate tokens and interact with Keeper's REST API for third-party integrations such as SIEM. For vault- and administration-related APIs, see the [Service Mode REST API](/en/keeperpam/commander-cli/service-mode-rest-api.md).

> Note: Support for **CSPM** and **MSP Billing** integrations will be available soon.

### Prerequisites

* Enterprise **Root Administrator** permissions (required to create API tokens).
* **Keeper Commander** installed to manage tokens via CLI.

### Manage API Tokens via Keeper Commander (CLI)

The **Commander** CLI includes a `public-api-key` command group with **list**, **generate**, and **revoke** operations. The snippets below summarize the most useful flows.

#### 1. List API tokens

```bash
# Table view
public-api-key list

# JSON output to a file
public-api-key list --format json --output api_keys.json

# CSV export
public-api-key list --format csv --output api_keys.csv
```

#### 2. Generate an API token

```bash
# 30-day SIEM key (Read)
public-api-key generate --name "SIEM Integration" --roles "SIEM:1" --expires 30d

# Permanent key (never expires) with JSON output
public-api-key generate --name "Permanent Tool" --roles "SIEM:1" --expires never --format json --output backup_key.json
```

**Role and action codes**

* **Roles**: `SIEM`
* **Actions**: `1 = READ`, `2 = READ_WRITE`
* **Expiration options**: `24h`, `7d`, `30d`, `1y`, `never`

> Example: `--roles "SIEM:1"` means SIEM (read).

#### 3. Revoke an API token

```bash
# Interactive confirmation
public-api-key revoke <token_value>

# Force (no prompt)
public-api-key revoke <token_value> --force
```

#### Security Notes

* Treat API tokens like passwords; rotate them on a schedule.
* Restrict permissions to the minimum required roles and actions.
* Prefer short expirations; use `never` only for special automation cases.
* Store tokens in a secure location (e.g., Keeper Vault).
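The notes above can be enforced before a key is ever created. The following is an added example, not part of Keeper Commander or Keeper's documentation: a pre-flight check that validates a key request against the role, action and expiration codes listed on this page and only then emits the `public-api-key generate` command. The function name, the `max_days` and `allow_write` policy knobs, and the key-name character rule are assumptions made for this example.

```python
import re

# Codes documented on this page.
ROLES = {"SIEM"}
ACTIONS = {"1": "READ", "2": "READ_WRITE"}
EXPIRY_DAYS = {"24h": 1, "7d": 7, "30d": 30, "1y": 365, "never": None}
# Assumed local rule: conservative key names that are safe inside double quotes.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}")


def review_key_request(name, roles, expires, max_days=30, allow_write=False):
    """Return (findings, command); command is None if any finding blocks the request.

    max_days and allow_write are hypothetical policy settings, not Commander options.
    """
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append(f"key name {name!r} is empty or has unsupported characters")
    role, sep, action = roles.partition(":")
    if not sep or role not in ROLES:
        findings.append(f"malformed or unknown role in {roles!r}; documented: {sorted(ROLES)}")
    if action not in ACTIONS:
        findings.append(f"unknown action {action!r}; documented: 1=READ, 2=READ_WRITE")
    elif ACTIONS[action] == "READ_WRITE" and not allow_write:
        findings.append("READ_WRITE requested; policy allows READ only")
    if expires not in EXPIRY_DAYS:
        findings.append(f"unsupported expiration {expires!r}; documented: {list(EXPIRY_DAYS)}")
    elif EXPIRY_DAYS[expires] is None:
        findings.append("expiration 'never' requires an approved exception")
    elif EXPIRY_DAYS[expires] > max_days:
        findings.append(f"expiration {expires} exceeds the {max_days}-day policy limit")
    if findings:
        return findings, None
    # Same argument layout as the generate examples on this page.
    cmd = f'public-api-key generate --name "{name}" --roles "{roles}" --expires {expires}'
    return findings, cmd


if __name__ == "__main__":
    # Constructed requests for illustration; no real keys are involved.
    requests = [("SIEM Integration", "SIEM:1", "30d"),
                ("Permanent Tool", "SIEM:1", "never"),
                ("Ad hoc export", "SIEM:2", "1y")]
    for req in requests:
        findings, cmd = review_key_request(*req)
        print(cmd if cmd else f"REJECTED {req}: " + "; ".join(findings))
```

Run the emitted command in Commander only after the request passes; rejected requests list every reason so the requester can fix them in one pass.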

