API Authentication
SSH-KLM supports multiple authentication methods.
API Keys
Best for server-to-server integrations.
Creating an API Key
- Navigate to Settings → API Keys
- Click Create API Key
- Set name, permissions, and expiry
- Copy the key (shown only once)
Using API Keys
```bash
curl -X GET https://api.qcecuring.com/v1/hosts \
  -H "Authorization: Bearer sk_live_abc123..."
```
Key Permissions
| Scope | Description |
|---|---|
| hosts:read | List and view hosts |
| hosts:write | Add, update, delete hosts |
| keys:read | List and view SSH keys |
| keys:rotate | Trigger key rotation |
| discovery:run | Start discovery scans |
| admin:* | Full administrative access |
OAuth 2.0 / JWT
Best for user-facing applications.
Token Exchange
```bash
curl -X POST https://api.qcecuring.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
  }'
```
Response:
```json
{
  "access_token": "eyJhbG...",
  "token_type": "Bearer",
  "expires_in": 3600
}
```
Token Refresh
```bash
curl -X POST https://api.qcecuring.com/oauth/token \
  -d "grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN"
```
SSO Integration
SSH-KLM supports SAML 2.0 and OIDC for enterprise SSO.
OIDC Configuration
```yaml
auth:
  oidc:
    enabled: true
    issuer: "https://auth.example.com"
    clientId: ${OIDC_CLIENT_ID}
    clientSecret: ${OIDC_CLIENT_SECRET}
    scopes: ["openid", "profile", "email"]
```
Security Best Practices
- Rotate keys regularly - Set expiry on API keys
- Use minimum permissions - Grant only required scopes
- Secure storage - Never commit keys to version control
- Monitor usage - Review API access logs
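The expiry and minimum-permission practices above can be checked mechanically against a list of issued keys. The following is an added example, not SSH-KLM code: the inventory record format (`name`, `scopes`, `expires_at`), the 90-day limit and the sample keys are assumptions; only the scope names come from the Key Permissions table.

```python
from datetime import datetime, timedelta, timezone

# Scope names are taken from the Key Permissions table on this page.
KNOWN_SCOPES = {"hosts:read", "hosts:write", "keys:read", "keys:rotate",
                "discovery:run", "admin:*"}
MAX_LIFETIME = timedelta(days=90)  # assumed local policy, not an SSH-KLM default

def audit_key(key, required, now):
    """Return findings for one key record (hypothetical inventory format:
    name, scopes, expires_at as ISO 8601 or None). `required` is the set of
    scopes the integration actually uses."""
    findings = []
    granted = set(key["scopes"])
    for scope in sorted(granted - KNOWN_SCOPES):
        findings.append(f"unknown scope: {scope}")
    if "admin:*" in granted and "admin:*" not in required:
        findings.append("admin:* granted but not required")
    for scope in sorted((granted & KNOWN_SCOPES) - required - {"admin:*"}):
        findings.append(f"excess scope: {scope}")
    if key["expires_at"] is None:
        findings.append("no expiry set")
    else:
        expires = datetime.fromisoformat(key["expires_at"])
        if expires <= now:
            findings.append("expired key still in inventory")
        elif expires - now > MAX_LIFETIME:
            findings.append(f"expiry exceeds {MAX_LIFETIME.days} days")
    return findings

def audit_inventory(inventory, required, now):
    """Map each key name to its findings; an unlisted key needs no scopes."""
    return {k["name"]: audit_key(k, required.get(k["name"], set()), now)
            for k in inventory}

# Constructed sample data; the clock is fixed so results are reproducible.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
INVENTORY = [
    {"name": "ci-inventory-sync", "scopes": ["hosts:read"],
     "expires_at": "2025-02-01T00:00:00+00:00"},
    {"name": "rotation-job", "scopes": ["keys:read", "keys:rotate", "hosts:write"],
     "expires_at": None},
    {"name": "legacy-script", "scopes": ["admin:*"],
     "expires_at": "2026-06-01T00:00:00+00:00"},
]
REQUIRED = {"ci-inventory-sync": {"hosts:read"},
            "rotation-job": {"keys:read", "keys:rotate"},
            "legacy-script": {"discovery:run"}}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, REQUIRED, NOW).items():
        print(name, findings or "ok")
```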