IBM Cloud Docs
Working with IAM tokens

Working with IAM tokens

You can use IAM tokens to authenticate with the IBM Cloud Monitoring service when you use Python scripts or the monitoring REST API to automate routine tasks and monitor notifications.

Getting an IAM API key through the IBM Cloud UI

An application programming interface key (API key) is a unique code that is passed in to an API to identify the calling application or user. Learn more.

You can use a user API key or an API key that is associated with a service ID that you create.

  • A user API key is associated with a user's identity, and each API key that is created by the user has the same access that the user is assigned. Learn more.

    To view your API keys, go to Manage > Access (IAM) > API keys.

    To create an API key, see Creating an API key.

  • API keys, that are associated with service IDs that you create, are used to connect an application inside or outside of IBM Cloud to an IBM Cloud service. Learn more.

    To view the API keys, go to Manage > Access (IAM), and select Service IDs.

    Service ID API keys inherit all access that is assigned to the specific service ID.

    To create an API key, see Creating an API key for a service ID.

Getting an IAM API token programmatically

Complete the following steps to get an IAM token:

  1. From a terminal, log in to the IBM Cloud.

  2. Run the following command to get a token:

    ibmcloud iam oauth-tokens | grep IAM | cut -d \: -f 2 | sed 's/^ *//'

After you get the token, you can run API calls and use this token in the Authorization header.

When you copy the token include the Bearer keyword: Authorization: Bearer IAM_TOKEN

To get the token without the Bearer word, you can run the following command: ibmcloud iam oauth-tokens | awk '{print $4}'