content/operate/rc/api/get-started/manage-api-keys.md
Every REST API request must include the following API keys:
The Account key identifies the account associated with the Redis Cloud subscription.
The User key identifies the user and (optionally) the context of a request. Generated by account owners.
Use the API Keys tab of the Access Management screen to manage your keys:
Sign in to your Redis Cloud account as an account owner.
From the menu, choose Access Management and then select the API Keys tab.
{{<image filename="images/rc/access-management-api-keys-tab.png" width="75%" alt="Use the **API Keys** tab of the **Access Management** screen to manage your REST API keys." >}}
If an Enable API button appears, select it to [enable the REST API]({{< relref "/operate/rc/api/get-started/enable-the-api.md" >}}) for your account.
{{<image filename="images/rc/button-access-management-enable-api.png" alt="Use the **Enable API** button to enable the REST API for your account." >}}
The API account key is used as the value of the x-api-key HTTP header in order to authenticate a REST API request.
By default, the API account key is masked; that is, it is obscured for security reasons. You can use the Show button to display the key and the Hide button to mask it.
{{<image filename="images/rc/button-access-management-show-key.png#no-click" alt="The **Show** button displays the account key." class="inline" >}} {{<image filename="images/rc/button-access-management-hide-key.png#no-click" alt="The **Hide** button masks the account key." class="inline">}}
The Copy button copies the account key to the Clipboard.
{{<image filename="images/rc/button-copy.png" alt="The **Copy** button copies the account key to the Clipboard." >}}
API user keys (also known as secret keys) are used as the value of the x-api-secret-key HTTP header used to authenticate a REST API request.
In this context, user refers to the account used to sign in to the Redis Cloud console. Users must have an owner (read-write) or viewer (read-only) role.
Users can have more than one user key; however, users should not share user keys.
Use the Add button to create a new user key.
{{<image filename="images/rc/icon-add.png" width="30px" alt="Use the **Add** button to begin creating a new user key." >}}
When you do this, you're prompted for the Key name and the associated User name.
{{<image filename="images/rc/access-management-user-key-add.png" alt="When you add a user key, you're prompted to specify the name of the key and the asscoiated user." >}}
The key name:
The selected user must have an owner, viewer, or logs viewer role.
Select Create to create the new key.
{{<image filename="images/rc/button-access-management-user-key-create.png" alt="Use the **Create** button to create the new user key." >}}
When you do this, the API user key dialog appears.
{{<image filename="images/rc/access-management-create-user-key.png" width="75%" alt="The **API user key** dialog lets you copy the value of the new key to the Clipboard." >}}
{{<warning>}} This is the only time the value of the user key is available. Save it to a secure location before closing the dialog box.
If you lose the user key value, it cannot be retrieved. If this happens, create a new key to replace the lost one. {{</warning>}}
The Finish button is inactive until you copy the key to the clipboard. After you save the user key, you can also select Copy account key to save the account key.
To delete a user key:
Use the API Keys tab of the Access Management screen to locate the target key. Hover over the key to display the Delete button.
{{<image filename="images/rc/access-management-api-user-key-delete.png" alt="The **Delete** button appears to the right of the selected user key." >}}
Select the Delete button.
{{<image filename="images/rc/icon-delete-teal.png" width="36px" alt="Select the **Delete** button to begin deleting the selected user key." >}}
This displays the Delete API secret key dialog box.
{{<image filename="images/rc/access-management-delete-api-secret-key.png" width="50%" alt="The **Delete** button appears to the right of the selected user key." >}}
Select the Delete button to confirm.
By default, REST API requests are allowed from all IP addresses. To limit access to specific addresses, define a CIDR allow list for the user key.
To manage the CIDR allow list:
Use the API Keys tab of the Access Management screen to locate the target key. Hover over the key to display the Manage link.
{{<image filename="images/rc/access-management-api-user-key-delete.png" alt="The **Manage** link appears to the right of the user name for the selected user key." >}}
Select the Manage link in the CIDR allow list column; this displays the Manage CIDR allow list dialog box.
{{<image filename="images/rc/access-management-user-key-manage-cidr.png" width="50%" alt="Select the **Manage** link to define the **CIDR allow list** dialog." >}}
Enter each allowed IP address in CIDR format (example: 127.1.0.0/24) and then select the Save button.
{{<image filename="images/rc/button-access-management-cidr-rule-save.png" width="36px" alt="Use the **Save** button to save a CIDR allow list rule." >}}
Use the Add CIDR rule button to add additional addresses to the list.
{{<image filename="images/rc/button-access-management-cidr-rule-add.png" alt="Use the **Add Rule** button to add a new address to the CIDR allow list." >}}
Use the Edit button to change the address for a rule or the Delete button to remove a rule.
{{<image filename="images/rc/icon-edit.png#no-click" width="36px" alt="Use the **Edit** button to change the address for a CIDR allow list rule." class="inline">}} {{<image filename="images/rc/icon-delete-teal.png#no-click" width="36px" alt="Use the **Delete** button to remove an address from the CIDR allow list." class="inline" >}}