search

Admin REST API

Retrieve SIEM compatible audit events using the Keeper Admin REST API

hashtag
Overview

The Keeper Admin REST API allows business customers to generate tokens and interact with Keeper's REST API for 3rd party integrations such as SIEM. For vault and administration related APIs, see the Service Mode REST API.

Note: Support for CSPM and MSP Billing integrations will be available soon.

hashtag
Prerequisites

  • Enterprise Root Administrator permissions (required to create API tokens).

  • Keeper Commander installed to manage tokens via CLI.

hashtag
Manage API Tokens via Keeper Commander (CLI)

The Commander CLI includes a public-api-key command group with list, generate, and revoke operations. The snippets below summarize the most useful flows.

hashtag
1. List API tokens

# Table view
public-api-key list

# JSON output to a file
public-api-key list --format json --output api_keys.json

# CSV export
public-api-key list --format csv --output api_keys.csv

hashtag
2. Generate an API token

Role and action codes

  • Roles: SIEM

  • Actions: 1 = READ, 2 = READ_WRITE

  • Expiration options: 24h, 7d, 30d, 1y, never

Example: --roles "SIEM:1" means SIEM (read).

hashtag
3. Revoke an API token

hashtag
Security Notes

  • Treat API tokens like passwords; rotate them on a schedule.

  • Restrict permissions to the minimum required roles and actions.

  • Prefer short expirations; use never only for special automation cases.

  • Store tokens in a secure location (e.g., Keeper Vault).

PreviousAdvanced SettingsNextARAM Events

Last updated

Was this helpful?