API Key Scope (Tenant vs User)

For an External or Custom key, you can assign the key to all users (tenant) or a specific user.

Key Scope (Tenant vs. User)

  • Tenant‑scoped (All users): Broad access within the tenant. Use for system‑level integrations needing wide coverage.

  • User‑scoped (Specific user): Access is limited to the selected user’s permissions at the time of use. Use for tighter control and auditability.

What Happens When a User Is Deleted?

Keys are not removed automatically. Deleting a user does not remove or deactivate any keys.

  • Tenant‑scoped keys: Continue to work because they are associated to the tenant, not the user.

  • User‑scoped keys: The associated user becomes invalid. Run time calls made with that key fail with HTTP 401 – Access Denied (the same as any call lacking required privileges). Manually delete the key if it is no longer needed.

Tasks

Generate an API Key

Display an API Key value

Copy an API Key

Disable or enable an API key

Delete an API key

References

API Keys screen reference

Types of WFO API Keys and when to use them

API Key Privilege Requirements