Mandatory JumpCloud API Key Rotation

Out of an abundance of caution relating to an ongoing incident, JumpCloud has decided to rotate all API Keys for JumpCloud Admins.


For JumpCloud Admins that are using a JumpCloud API key with an integration that relies on a JumpCloud admin API key will need to take action by updating integrations with their new API key(s).


For JumpCloud Admin that are not using a JumpCloud API key, no further action is required at this time as JumpCloud has rotated their API for them out of an abundance of caution.

View Old API Keys Actively Being Used

You can use Directory Insights to see if old API keys are still in use.

To view old API Keys actively being used:

  1. Log in to the JumpCloud Admin Portal.
  2. In the left hand navigation, click INSIGHTS > Directory.
  3. Select the appropriate Time Range to narrow events to the desired time period.
  4. In the Event Type dropdown menu, select admin_old_api_key_attempt to filter the events.


Make sure to select your desired Time Range when filtering for this event, the default is the Last 1 hour. Try extending the range for more results.

  1. A list of results will populate if there are any active, but old API keys being used.
  2. Click the dropdown arrow next to the timestamp of an event to see a Summary.
  3. Click the JSON tab to see the Admin’s Email Address, the User-Agent and Client IP address of the device that’s making the call to the JumpCloud API. 

To access your new API Key:

  1. Log in to the JumpCloud Admin Portal as an Administrator or Command Runner.
  2. In the Admin Portal, click your account initials displayed at the top-right and select My API Key from the drop-down.
  3. Your new API key will be displayed in the resulting dialogue.

Once an Admin's API Key is rotated, the old API key associated to that Admin will no longer work. This will impact any of the following: 


Each admin created automatically has an API key generated which corresponds with the role and related entitlements of the administrator (e.g. read only privileges versus administrative privileges). It is very important to exercise strong security posture when handling your JumpCloud API key.  If you believe for any reason that your API key may have been shared or compromised, we recommend generating a new API key.

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case