--- Title: Manage API keys alwaysopen: false categories: - docs - operate - rc description: How to use the Redis Cloud console to create and manage API user keys for your account's team owners weight: 20 --- Every REST API request must include the following API keys: 1. The **Account key** identifies the account associated with the Redis Cloud subscription. 2. The **User key** identifies the user and (optionally) the context of a request. Generated by account owners. Use the **API Keys** tab of the **Access Management** screen to manage your keys: 1. Sign in to your [Redis Cloud account](https://cloud.redis.io) as an account owner. 1. From the menu, choose **Access Management** and then select the **API Keys** tab. {{Use the **API Keys** tab of the **Access Management** screen to manage your REST API keys.}} If an **Enable API** button appears, select it to [enable the REST API]({{< relref "/operate/rc/api/get-started/enable-the-api.md" >}}) for your account. {{Use the **Enable API** button to enable the REST API for your account.}} ## API account key The **API account key** is used as the value of the `x-api-key` HTTP header in order to authenticate a REST API request. By default, the **API account key** is masked; that is, it is obscured for security reasons. You can use the **Show** button to display the key and the **Hide** button to mask it. {{The **Show** button displays the account key.}}   {{The **Hide** button masks the account key.}} The **Copy** button copies the account key to the Clipboard. {{The **Copy** button copies the account key to the Clipboard.}} ## API user keys **API user keys** (also known as _secret keys_) are used as the value of the `x-api-secret-key` HTTP header used to authenticate a REST API request. In this context, _user_ refers to the account used to sign in to the Redis Cloud console. Users must have an owner (read-write) or viewer (read-only) role. Users can have more than one user key; however, users should not share user keys. ### Create a new user key {#secret} Use the **Add** button to create a new user key. {{Use the **Add** button to begin creating a new user key.}} When you do this, you're prompted for the **Key name** and the associated **User name**. {{When you add a user key, you're prompted to specify the name of the key and the asscoiated user.}} The key name: - Must be between 10 and 50 characters long - Can contain alphanumeric characters, hyphens, and underscores. Spaces are not allowed. The selected user must have an owner, viewer, or logs viewer role. Select **Create** to create the new key. {{Use the **Create** button to create the new user key.}} When you do this, the **API user key** dialog appears. {{The **API user key** dialog lets you copy the value of the new key to the Clipboard.}}
{{}} This is the only time the value of the user key is available. Save it to a secure location before closing the dialog box.

If you lose the user key value, it cannot be retrieved. If this happens, create a new key to replace the lost one. {{}} The **Finish** button is inactive until you copy the key to the clipboard. After you save the user key, you can also select **Copy account key** to save the account key. ### Delete a user key To delete a user key: 1. Use the **API Keys** tab of the **Access Management** screen to locate the target key. Hover over the key to display the **Delete** button. {{The **Delete** button appears to the right of the selected user key.}}
2. Select the **Delete** button. {{Select the **Delete** button to begin deleting the selected user key.}} 3. This displays the **Delete API secret key** dialog box. {{The **Delete** button appears to the right of the selected user key.}}
Select the **Delete** button to confirm. ### Manage CIDR allow list By default, REST API requests are allowed from all IP addresses. To limit access to specific addresses, define a CIDR allow list for the user key. To manage the CIDR allow list: 1. Use the **API Keys** tab of the **Access Management** screen to locate the target key. Hover over the key to display the **Manage** link. {{The **Manage** link appears to the right of the user name for the selected user key.}} 2. Select the **Manage** link in the **CIDR allow list** column; this displays the **Manage CIDR allow list** dialog box. {{Select the **Manage** link to define the **CIDR allow list** dialog.}} 3. Enter each allowed IP address in [CIDR format](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) (example: `127.1.0.0/24`) and then select the **Save** button. {{Use the **Save** button to save a CIDR allow list rule.}} Use the **Add CIDR rule** button to add additional addresses to the list. {{Use the **Add Rule** button to add a new address to the CIDR allow list.}} Use the **Edit** button to change the address for a rule or the **Delete button** to remove a rule. {{Use the **Edit** button to change the address for a CIDR allow list rule.}}   {{Use the **Delete** button to remove an address from the CIDR allow list.}}