Our monitoring solutions and APIs require one of several API keys. These keys allow only approved people in your organization to report data to New Relic, access that data, and configure features.
If you’re just getting started using New Relic, you don’t need to manually find or input a key: our guided install procedures will automatically include the keys for you. Not yet using New Relic? Set up your New Relic account: it's free, forever!
License keys are used to report almost all data (except for browser and mobile monitoring data, which use their own keys). Each key is tied to a specific account and you can create as many as you want.
A user key is required to use NerdGraph, our GraphQL API, which is used for querying data and configuring features. Each user key is tied to a specific user and a specific account.
If your API keys get into the wrong hands, it can present a security risk. For example:
Someone with your license key could send arbitrary data to your account.
Someone with one of your team member's user keys could view your New Relic data and make changes to your New Relic account.
You should treat your API keys securely, as you would passwords and other sensitive information. Some recommendations:
For the license key and the browser key, consider implementing a key rotation strategy: creating new keys and deleting old ones on a set schedule. Considerations:
You can't delete the original keys associated with an account, so to implement a strong security strategy, you must create additional keys that you can later delete.
Note that this doesn't apply to the mobile app token; you can't delete a token or create additional tokens.
For user keys:
Instruct your team members to keep their user keys secure.
When members leave your organization, even if they're basic users, remove them from New Relic.
Our main key used for data ingest is called the license key. In the API keys UI and in NerdGraph, this key is sometimes referenced as ingest - license.
The license key is required for almost all New Relic data ingest. The exceptions are browser monitoring data (which uses a browser key) and mobile monitoring data (which uses a mobile app token).
The license key is a 40-character hexadecimal string associated with a New Relic account. When you first sign up for New Relic, an organization with a single account and its own license key are created. If more accounts are added, each account starts with its own license key. The license key originally created for an account cannot be deleted but you can create additional license keys that can be managed and deleted, and this is useful for implementing security-practices such as key rotation. If you need to delete an account's original license key, contact support.
Browser monitoring uses a browser key to report data, rather than the license key. The browser key is used to associate data from the browser monitoring agent to your account.
You can't manage or delete the original browser key created when your account was created, but you can create new browser keys and delete those keys. For assistance deleting an account's first browser key, contact support.
Mobile monitoring uses a mobile app token to report data, rather than the license key. See Mobile app token for more information.
New Relic user keys, sometimes referred to as "personal API keys," are required for using NerdGraph and our REST API.
A user key is tied to both a specific New Relic user and a specific account, and they cannot be transferred. The user key allows you to make queries for any accounts you've been granted access to, not just the specific account the key was associated with. If a New Relic user is deleted in New Relic, their user keys are also deactivated and won't work.
Other keys
Besides our main API keys explained above, we have several other older API keys that some New Relic customers still use. If you don't already use these keys, you should have no reason to learn about them.
Important
This key is still in use but we highly recommend using the license key, which can be used for the same things and more.
One of our older New Relic API keys used for data ingest is the Insights insert key, also known as an insert key. Note that the license key is used for the same functionality and more, which is why we recommend the license key over this key.
This key is used for the ingestion of data via our Event API, Log API, Metric API, and Trace API, or via the integrations that use those APIs.
Tips on availability and access:
Because these keys are associated with an account and not a specific user, anyone in the account with access to a key can use it.
As a best practice for security purposes, we recommend you use different Insights insert keys for different applications or different data sources.
One of our older API keys is the Insights query key, which is used for our Insights query API. We recommend using NerdGraph to query and return New Relic data.
The admin key is one of our older, deprecated API keys. As of December 4, 2020, all existing admin keys have been migrated to be user keys.
If you were using admin keys, you don't need to do anything for those keys to remain active. They'll be automatically accessible via the API keys UI, labeled as user keys, and granted identical permissions. You can manage them as you would any user key via the same workflow.
All migrated admin keys will have a note that says Migrated from an admin user key in the key table.
The REST API key is an older key for using our REST API. We now recommend using the user key instead of the REST API key. The user is user-specific as opposed to account-specific, which gives your organization more control over your team members' access. Also, we recommend using our newer API, NerdGraph, instead of the REST API.
Things to consider:
Each New Relic account can have only one REST API key.
We recommend using a user key instead of the REST API key.
We recommend using NerdGraph over the REST API, if possible.
Requires admin-level user permissions. If you don't have access to the REST API key or the REST API explorer, it might be due to lack of permissions. Talk to your New Relic account manager, or use a user key instead.
To find and manage REST API keys: From the account dropdown, click API keys (get a direct link to the API keys page). Then click REST API key. Before you configure or delete an API key, ensure you are doing so for the correct account.
Account ID
The account ID is another identifying number often required for reporting data to New Relic. See Account ID.