API keys
A NetBackup API key is a pre-authenticated token that identifies a NetBackup user to NetBackup RESTful APIs. The user can use the API key in an API request header when a NetBackup API requires authentication. API keys can be created for authenticated NetBackup users (groups are not supported). A specific API key is only created one time and cannot be recreated. Each API key has a unique key value and API key tag. NetBackup audits operations that are performed with that key with the full identity of the user.
The 'View' RBAC permission is required to create an API key.
The following actions are available for administrators and API key users.
Administrators with the applicable role or RBAC permissions can manage API keys for all users. These roles are the Administrator, the Default Security Administrator, or a role with RBAC permissions for API keys.
An authenticated NetBackup user can add and manage their own API key in the NetBackup web UI. If a user does not have access to the web UI, they can use the NetBackup APIs to add or manage a key.
Note:
Starting with NetBackup 10.5, if multi-person authorization is enabled for API key operations, a ticket is generated. After the multi-person authorization ticket is approved, the user needs to execute the ticket using the Execute ticket option in the NetBackup web UI and then the required API key operation is executed.
For NetBackup releases earlier than 10.5, if multi-person authorization is enabled, you cannot perform API key operations.
See User identity in the audit report.
See the NetBackup Security and Encryption Guide for information on using API keys with the bpnbat command.