Skip to main content
Sumo Logic

Access Keys

In Sumo Logic, you must use an access key to:

  • Register new Collectors. When you install a Collector, in addition to having a role that grants you the Manage Collectors capability, you must supply an access key. You can use a different access key for each Collector, or use the same access key for multiple Collectors. The only time a Collector uses the access key is at installation, so if a key is deleted after a Collector has been set up, the Collector isn't affected.
  • Use Sumo Logic APIs. You must supply an access key to use the Sumo Logic APIs. See API Authentication for details.

You can create and manage your own access keys on the Preferences page in the Sumo web app. If your role grants you the Manage Access Keys capability, you can manage access keys created by other Sumo users on the Administration > Security > Access Keys page.

CORS support

Sumo supports cross-origin resource sharing (CORS), a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. 

When you create an access key, you can optionally define a whitelist of domains that may access Sumo APIs using that access key. 

Whether Sumo accepts or rejects an API request depends on whether it contains an ORIGIN header, and the entries in the whitelist. 

Sumo rejects:

  • Requests with an ORIGIN header is present, but can’t be matched to the whitelist because the whitelist is empty.
  • Requests with an ORIGIN header that doesn't matches any entry in the whitelist.

When Sumo rejects a request, it issues an httpErrorCode 403 error; the error key is "forbidden" and the error message is:

"The request origin is not whitelisted to use this access key."

Sumo accepts:

  • Requests without an ORIGIN header. 
  • Requests with an ORIGIN header that matches an entry in the whitelist.
  • All OPTIONS requests.

When Sumo accepts a request, the response it issues includes the ORIGIN header in an Access-Control-Allow-Origin header.

Manage your access keys on Preferences page

You can use the Preferences page to create, deactivate, and delete your access keys.

Create an access key 

Any Sumo user can generate an access key on the Preferences page. 

  1. In the Sumo Logic web app, click your name in the left nav and open the Preferences page.
  2. In the My Access Keys section, click  + Add Access Key.
    access-key-preferences-page-2.png
  3. The Create a Sumo Logic Access Key window appears.
    create-access-key.png
  4. Enter a name for the access key in the Name field. If you don’t want to create a whitelist of domains from which the access key can be used to access Sumo APIs, go to step 8 below.
  5. (Optional) In this step you can define one or more domains that may use the access key to access Sumo APIs. Enter a domain in the Whitelisted CORS Domains field and click Add.
  6. The window updates, and displays the domain you added.
    domain-added.png
  7. Repeat step 5 and 6 to add additional domains to the whitelist.
  8. Click Create Key to generate the key. 
  9. The window displays the generated Access ID and Access Key. Copy both before clicking Close. After you press Close, you will not be able to recover the Access ID and Access Key.
    generated-access-key.png

Edit, deactivate, or delete an access key you own

When you mouse over an access key on the Preferences page, several controls appear. 
my-access-keys1.png

  • Edit. The pencil icon opens up an Edit Access Key window where you can modify the whitelist for the access key.
  • Deactivate/Reactivate. Depending on the current status the of the key, there will be either an Deactivate or Reactivate link. If you deactivate an access key, Sumo retains the key credentials, but renders the key useless. You can reactivate a key at any time to begin using it again. 
  • Delete. Use the trash can icon to permanently remove the access key. The key will no longer be usable for API calls. However, deleting a key used to register a Collector does not affect the Collector, as the only time a Collector uses the access key is at installation.

Manage all users’ access keys on Access Keys page

If you have the Manage Access Keys capability you can use the Access Keys page to create and edit access keys. You can also manage access keys that were created by other Sumo users:  you can edit, deactivate, and delete any access key.  

Generate an access key on the Access Keys page 

  1. Go to Administration > Security > Access Keys.
    access-key-security-page.png
     
  2. At the top right of the table, click + Add Access Key.
  3. Follow the steps in Manage your own access keys on Preferences page above, starting with step 3.

Edit, deactivate, or delete access keys

The Security > Access Keys page lists all access keys in your account. 

When you mouse over an access key, several controls appear. 
edit-access-key-security-tab.png

  • Edit. The pencil icon opens up an Edit Access Key window where you can modify the whitelist for the access key.
  • Deactivate/Reactivate. Depending on the current status the of the key, there will be either an Deactivate or Reactivate link. If you deactivate an access key, Sumo retains the key credentials, but renders the key useless. You can reactivate a key at any time to begin using it again. 
  • Delete. Use the trash can icon to permanently remove the access key. The key will no longer be usable for API calls. However, deleting a key used to register a Collector has no effect on the Collector, as the only time a Collector uses the access key is at installation.