Solved: Re: are APIs necessarily bind to users?

Kurn · ‎06-23-2025

Hi there!

This is my first post. I've searched though the forum but haven't found an answer. I was wondering if it is possible to generate an API key in the dashboard that is not linked to a user, so that if the user leaves, it can remain functional.

Is this possible or would it be better to make a service account?

Thanks in advance!

aleabrahao · ‎06-23-2025

No, it is not possible.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

aleabrahao · ‎06-23-2025

No, it is not possible.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

aleabrahao · ‎06-23-2025

What you can do is create a dedicated service account and then generate the APIs through that account. Remember to enable MFA for that account.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Kurn · ‎06-23-2025

Thanks for the fast answer! So that's how I imagined it. I'll just have to do it then.

Have a nice day!

p.deleuw · ‎06-24-2025

This is exactly the way I work: Create a service account, activate 2FA and generate API.

mloraditch · ‎06-23-2025

You can't do it with a key but the newer OAuth would possibly help in your use case:https://developer.cisco.com/meraki/api-v1/oauth-overview/

If you found this post helpful, please give it a thumbs up. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Philip D'Ath · ‎06-23-2025

You can use OAUTH.

https://community.meraki.com/t5/Feature-Announcements/Exciting-News-OAuth-2-0-is-Now-Available/ba-p/264026

This works best for applications that run on servers (like a web app), and although it does work in scripts, it doesn't suit scripts as well.

NiclasAndersen · ‎07-14-2025

Will OAuth also be the way to go for automating the creation of organizations and networks, that is hosted on as a web app, or will the service account with api key be the way to go?

obrigg · ‎07-14-2025

Creation of networks - yes.

Creation of new organizations - no. OAuth follows the principles of zero trust, and if it could create a new organization where it will have full admin rights - it would be considered privilege escalation.

What are you trying to achieve?

NiclasAndersen · ‎07-14-2025

i have a website, that automates the creation of new customers(new organizations), including default config for networks, ssids, fw rules and so on.

Another thing i am not totally sure about with OAuth, will the authentication to an org for a specific organization be there for ever, or would the user need to authenticate to an org every time they log in on my website?

Would the approach be to use the service account to create the default config, and with all other operations use OAuth?

obrigg · ‎07-15-2025

Currently, for a use-case of creating new organizations - API keys would make more sense.

Configuration changes, compliance, monitoring - these can be achieved with OAuth.

As long as the OAuth refresh token is used at least once every 90 days - the integration will last indefinitely (unless an admin revokes it).

https://developer.cisco.com/meraki/api-v1/oauth-overview/