Our monitoring solutions and APIs use API keys to authenticate and verify your identity. These keys allow only approved people in your organization to report data to New Relic, access that data, and configure features. The primary keys are the license key (for reporting data) and the (for working with NerdGraph, our GraphQL API).
Create and manage your API keys from the API keys UI page so you can start observing your data right away
Our main API keys
Key
Details
To view and manage
Read more
License key,
used for data ingest
License keys are used to report almost all data (except for browser and mobile monitoring data, which use their own keys). Each key is tied to a specific account and you can create as many as you want.
A user key is required to use NerdGraph, our GraphQL API, which is used for querying data and configuring features. Each user key is tied to a specific user.
Use our NerdGraph API for a programmatic way to manage license keys, browser keys, and user keys
The account ID is another identifying number often required for reporting data to New Relic.
Copying keys from the UI
You can also copy existing API keys from the API keys UI page. Here are some details about the language used in the UI:
Copy key versus Copy key ID: The first option copies the value of the key itself. In almost all cases, you'll use that. The second option copies the ID of the key, which is sometimes needed for referencing the key object via API.
Copy truncated key: This option is available for keys that are not yours. It copies only a few digits from the key, which can be useful for your internal tracking of keys, or for talking with support.
Recommendations for managing API keys
If your API keys get into the wrong hands, it can present a security risk. For example:
Someone with your could send arbitrary data to your account.
Someone with one of your team member's user keys could view your New Relic data and make changes to your New Relic account.
You should treat your API keys securely, as you would passwords and other sensitive information. Some recommendations:
For the license key and the browser key, consider implementing a key rotation strategy: creating new keys and deleting old ones on a set schedule. Considerations:
You can't delete the original keys associated with an account, so to implement a strong security strategy, you must create additional keys that you can later delete.
Note that this doesn't apply to the mobile app token; you can't delete a token or create additional tokens.
For the :
Instruct your team members to keep their user keys secure.
When members leave your organization, remove them from New Relic.
Our main key used for data ingest is called the license key. In the API keys UI and in NerdGraph, this key is sometimes referenced as ingest - license.
The license key is required for almost all New Relic data ingest. The exceptions are browser monitoring data (which uses a browser key) and mobile monitoring data (which uses a mobile app token).
The license key is a 40-character hexadecimal string associated with a New Relic account. When you first sign up for New Relic, an organization with a single account and its own license key are created. If more accounts are added, each account starts with its own license key. The license key originally created for an account cannot be deleted but you can create additional license keys that can be managed and deleted, and this is useful for implementing security-practices such as key rotation. If you need to delete an account's original license key, contact support.
To restrict a user from being able to view or manage license keys, assign them a role without those permissions: original user model | newer user model.
Browser monitoring uses a browser key to report data, rather than the license key. The browser key is used to associate data from the browser monitoring agent to your account.
You can't manage or delete the original browser key created when your account was created, but you can create new browser keys and delete those keys. For assistance deleting an account's first browser key, contact support.
Mobile monitoring uses a mobile app token to report data, rather than the license key. See Mobile app token for more information.
New Relic user keys, sometimes referred to as "personal API keys," are required for using NerdGraph and our REST API.
A is tied to a specific New Relic user, and cannot be transferred. The user key allows you to make queries for any accounts you've been granted access to, not just the specific account the key was associated with. If a New Relic user is deleted in New Relic, their user keys are also deactivated and won't work.
Even though they provide a user access to multiple accounts, user keys are linked to a single specific account: the account they were created from. The significance of this is that if an account is deleted, any user keys associated with that account will no longer work. (Also, for our REST APIs, calls are limited to the account associated with that user key.)
Besides the main API keys explained above, we have several other, older API keys that some New Relic customers still use. If you don't already use these keys, you likely don't need to start.
Important
This key is still in use but we highly recommend using the , which can be used for the same things and more.
One of our older New Relic API keys used for data ingest is the Insights insert key, also known as an insert key. Note that the license key is used for the same functionality and more, which is why we recommend the license key over this key.
This key is used for the ingestion of data via our Event API, Log API, Metric API, and Trace API, or via the integrations that use those APIs.
Tips on availability and access:
Because these keys are associated with an account and not a specific user, anyone in the account with access to a key can use it.
As a best practice for security purposes, we recommend you use different Insights insert keys for different applications or different data sources.
The admin key is one of our older, deprecated API keys. As of December 4, 2020, all existing admin keys have been migrated to be user keys.
If you were using admin keys, you don't need to do anything for those keys to remain active. They'll be automatically accessible via the API keys UI, labeled as user keys, and granted identical permissions. You can manage them as you would any user key via the same workflow.
All migrated admin keys will have a note that says Migrated from an admin user key in the key table.
The REST API key is an older key for using our REST API. We now recommend using the user key instead of the REST API key. The user is user-specific as opposed to account-specific, which gives your organization more control over your team members' access. Also, we recommend using our newer API, NerdGraph, instead of the REST API.
Things to consider:
Each New Relic account can have only one REST API key.
We recommend using a user key instead of the REST API key.
We recommend using NerdGraph over the REST API, if possible.
Requires admin-level user permissions. If you don't have access to the REST API key or the REST API explorer, it might be due to lack of permissions. Talk to your New Relic account manager, or use a user key instead.
To find and manage REST API keys: From the user menu, click API keys (get a direct link to the API keys page). Then click REST API key. Before you configure or delete an API key, ensure you are doing so for the correct account.