API Keys

You can create and manage Application Program Interface (API) keys for Check Point Portal services to automate your configuration and integrate with third-party applications. For more information about the Check Point Portal API, see the API documentation. Each third-party application must receive its own API Key. These are the types of API Keys:

Account API Key

Includes access to one Check Point Portal service in your Check Point Portal account.

User API Key

Includes access to Check Point Portal services that a specific user can access from their account. If an administrator of the Check Point Portal account changes the Specific Service Roles for the user, the changes also apply to the User API Key. For information about assigning roles to users, see Users and User Groups.

These actions are not supported for a User API Key:

  • Change user profile

  • Create, read, update, and delete (CRUD) other API Keys.

  • Switch to a different Check Point Portal account

  • Delete a Check Point Portal account

  • Modify Check Point Portal account settings (examples: Users, Services and Contracts)

This video shows you how to create a new Account API Key.

Watch the Video

  1. In the Check Point Portal, go to > API Keys.

  2. Click New > New account API key.

  3. In the Create a New API Key window, select a Service.

    For some services, it is necessary to select the applicable Role.

  4. In the Expiration field, select an expiration date and time for the API Key. We recommend to set the expiration date three months from the present date. It is possible, but not recommended, to create an Account API Key without an expiration date.

  5. Optional - In the Description field, enter a description for the API Key.

  6. Click Create.

    The Check Point Portal generates a new API Key.

  7. Copy these values and keep them in a safe place:

    • Client ID - The Identifier for your account and for the client service that uses this API key.

    • Secret Key - The password to get access to the Check Point Portal.

    • Authentication URL - Shows the URL address used to authenticate API requests. In addition, it shows the specific gateway that uses this URL to authenticate the Client ID and Secret Key.

    Important - You can always obtain the Client ID from the API Keys table, but you cannot retrieve the Secret Key or Authentication URL after the Create a New API Key window is closed.

  8. Click Close.

This video shows you how to create a new User API Key.

Watch the Video

,
  1. In the Check Point Portal, go to > API Keys.

  2. Click New > New user API key.

  3. In the Select User field, select a user to associate with the API key.

  4. In the Expiration field, select an expiration date and time for the API key. By default, the expiration date is three months after the creation date.

  5. Optional - In the Description field, enter a description for the API key.

  6. Click Create.

    The Check Point Portal generates a new API key. API

  7. Copy these values and keep them in a safe place:

    • Client ID - The Identifier for your account and for the client service that uses this API key.

    • Secret Key - The password to get access to the Check Point Portal.

    • Authentication URL - Shows the URL address used to authenticate API requests. In addition, it shows the specific gateway that uses this URL to authenticate the Client ID and Secret Key.

    Important - You can always obtain the Client ID from the API Keys table, but you cannot retrieve the Secret Key or Authentication URL after the Create a New API Key window is closed.

  1. Create a new Account API key with the Check Point Portal as a service and the Admin role.

  2. In the API call, authorize with the obtained Client ID and Secret Key.

    Method/URL: POST {{baseURL}}auth/external

    Headers: Content-Type: application/json

    Body (raw, JSON):

    Copy 
    {
    "clientId": <Client-ID>,
    "accessKey": <Secret-Key>
    }

    You get an authorization token.

  3. In the next API call, get an API key for the child account.

    Method/URL: POST {{baseURL}}api/v1/tenant/token

    Authorization: Bearer Token: token from Step 2

    Headers: Content-Type: application/json

    Body (raw, JSON):

    Copy 
    {
      "appId": <Account-ID>,
      "description": "string",
      "expiration": "2025-09-25T15:02:01.764Z",
      "role": "Admin",
      "roles": [
        <Role-name>
      ]
      "childTenantId": <Child-Account-ID>
    }

    You get the Client ID and Access Key for the child account.

  4. Using the child account API key (Client ID and Access Key), create a token for the child account.

    With this token, perform actions on the child account, for example, enforce an MFA policy.

  1. In the Check Point Portal, go to > API Keys.

  2. In the API Keys table, select the applicable API key and click Edit.

  3. Make the necessary edits and click Save.

  1. In the Check Point Portal, go to > API Keys.

  2. In the API Keys table, select one of API keys.

  3. From the top toolbar, click Delete.

  4. In the Delete Token window that opens, click Delete.

  1. Right-click the top row of the table that contains the names of the columns.

    A list of column names opens.

  2. Select columns to show in the table.

    Only the selected columns appear in the table.