Generating an API Key for ingestion by using a service ID for authentication

You can use a service ID API key to send logs by using the Logging agent.

The API key is used to open a secure web socket to the IBM Cloud Logs ingestion endpoint to authenticate the Logging agent.

API keys are used to authenticate as a particular service ID and are granted the access that is associated with that specific service ID. For more information, see Managing service ID API keys.

Make sure the user who grants the policy has the Sender role permissions.

Make sure to grant the service ID the Sender role before generating the API key.

Generating an API Key by using the CLI

Complete the following steps to generate an API key for a service ID by using the CLI:

Log in to your IBM Cloud account.

After you log in with your user ID and password, the IBM Cloud dashboard opens.
Create a service ID that is used for the IAM policies and API key credentials.

Be sure to give the service ID a description that helps you retrieve the service ID later.
```
ibmcloud iam service-id-create logs-svc-id --description "Service ID for IBM Cloud Logs"
```

Add an IAM policy for your service ID that grants access to send logs.

ibmcloud iam service-policy-create <SERVICE_ID> --service-name logs --roles Sender

Create an API key for the service ID.

Be sure to give the API key a description that helps you retrieve the key later. Save your API key in a secure location. You can't retrieve the API key again. If you want to export the output to a file on your local machine, include the --file <path>/<file_name> option.
```
ibmcloud iam service-api-key-create logs-ingestion-key <SERVICE_ID> --description "API key for service ID <SERVICE_ID> with permissions to send logs to the IBM Cloud Logs service"
```