IBM Cloud Docs
Setting up the API

Setting up the API

IBM® Key Protect for IBM Cloud® provides a REST API that can be used with any programming language to store, retrieve, and generate encryption keys.

Retrieving your IBM Cloud credentials

To work with the API, you need to generate your service and authentication credentials.

To gather your credentials:

  1. Generate an IBM Cloud IAM access token.

  2. Retrieve the instance ID that uniquely identifies your Key Protect instance.

Forming your API request

When you make an API call to the service, structure your API request according to how you initially provisioned your instance of Key Protect.

To build your request, pair a service endpoint with the appropriate authentication credentials. For example, if you created a Key Protect instance for the us-south region, use the following endpoint and API headers to browse keys in your service: 

$ curl -X GET \
    "https://us-south.kms.cloud.ibm.com/api/v2/keys" \
    -H "accept: application/vnd.ibm.collection+json" \
    -H "authorization: Bearer <IAM_token>" \
    -H "bluemix-instance: <instance_ID>"

Replace <access_token> and <instance_ID> with your retrieved service and authentication credentials.

Want to track your API requests in case something goes wrong? When you include the -v flag as part of curl request, you get a correlation-id value in the response headers. You can use this value to correlate and track the request for debugging purposes.

What's next

You're all set to start managing your encryption keys in Key Protect. To find out more about programmatically managing your keys, check out the Key Protect API reference doc.