Directory Insights is JumpCloud's event logging and compliance feature. It shines a light on audit trails leading up to critical events so you know the what, where, when, how, and who of your directory activities.
You can use our RESTful API, PowerShell Module, and Admin Portal to access event logs, see activity happening in your directory, and monitor user authentications to the User Portal, SAML SSO applications, RADIUS, and LDAP. See Directory Insights to learn more.
With the exceptions listed below, all API documentation has been moved to JumpCloud API Docs. Depending on the functionality desired, you may need to call either, or both endpoints in v1 and v2 of our API.
Supplemental scripts and precompiled binaries can be found on our public Github Support Repository.
Additional client code can be found in the following repos:
Accessing Your API Key
Considerations:
- API access will be disabled for Admins by default.
- Only Admins with Billing role can enable API access. If you need to access your API key, contact your Admin with Billing to enable this for you. See Enable API Access to learn more.
- Admins without API access enabled will receive the following error: "You don't have permission to view or generate an API Key. Contact your Admin to have them enable this for you.”
To leverage any of JumpCloud's available API options, an API key is required during the configuration.
To access your API key:
- Log in to the JumpCloud Admin Portal.
- In the top-right, click your account initials and select My API Key.
- If you haven't generated an API key yet, you'll have the option to Generate New API Key.
- You'll receive an API key, it has the prefix 'jca_' before it to help you search for it easier.
- API Keys are only displayed at the time they’re created. Make sure to store it in a secure place, like JumpCloud’s Password Manager so you can access it when you need it.
To set a Time to Live (TTL) for your API Key:
Note: Admin accounts created before July 15, 2024 will have no expiration date for their API keys. This can be changed at any time.
- In the top-right of the Admin Portal, click your account initials and select My API Key.
- Click the Expiration Date menu and select from the following options; 30 days, 60 days, 90 days, Custom, or No Expiration. Your selection will automatically save.
- The Custom option allows you to set the expiration for as little as one hour, to as many as 365 days.
- The API key expiration date is displayed here as well. You will be emailed daily that your API key is expiring starting 7 days from your API key expiration. Once your API key has expired, you will have to generate a new one, and update any existing integrations.
Note: If you generate a new API key, the default expiration for the key will be set to 90 days.
Generating a New API Key
It's very important to exercise strong security posture when handling your API key, as it gives unfiltered access to your JumpCloud instance through API calls. If you believe for any reason that your API key may have been shared or compromised, we suggest generating a new API key.
- Log in to the JumpCloud Admin Portal.
- In the top-right, click your account initials and select My API Key.
- Click Generate New API Key to have a new API key generated and displayed.
Warning: Generating a new API key will revoke access to the current API key. This will render all calls using the previous API key inaccessible. You will have to update any existing integrations that use an API key with the newly generated value.
This will impact any of the following integrations:
- AD Import
- HRIS integrations
- Custom API Integrations
- JumpCloud Powershell Module
- Jumpcloud-Slack-App
- Directory Insights Serverless App
- ADMU
- 3rd party MDM Zero-touch packages
- Command Triggers
- Okta SCIM integration
- Entra ID SCIM integration
- Integrations built to create/update users and/or devices using 3rd party tools like Workato, Aquera, Tray,io, etc.
- Automations and custom apps, and any other use cases that involve an Admins JumpCloud API key.
FAQ
This is only available one admin at a time.
Yes, the ability to enable/disable access is also available via the API.
If you forget your API key and need that for downstream integrations, you're required to generate a new one. In this case, the old key will be expired and no longer valid.