API keys
Both the CTI API and the Blocklist Automation API authenticate with an API key. You generate them at platform.ellio.tech/dashboard/api-keys.
Generating a key
The Create New API Key button opens a dialog with three fields:
| Field | Notes |
|---|---|
| Key Name | A human-readable label. Make it specific (splunk-prod-cti, ci-edl-rotator) - you'll thank yourself when you have eight keys and need to rotate one. |
| Access Level | Read Only - CTI lookups and read-only access to the Blocklist platform. Read & Write - also lets the key create, update, and delete rulesets, rules, and EDL Deployments. Use Read Only unless you actually need to mutate state. |
| Expiration | No expiration - key remains valid until manually revoked. Set expiration date - key expires automatically at midnight UTC on the chosen date. |
When you click Generate Key the platform shows the new key value once. Copy it immediately into your secret store. ELLIO does not retain a plaintext copy - if you lose it, revoke the key and generate a new one.
Using a key
Both APIs accept the key in two ways: in the X-API-Key header (recommended) or
as the apikey query parameter. The same key works against both APIs; the access
level decides which calls succeed.
```http
# Header (recommended)
GET /v1/cti/lookup/198.51.100.42
X-API-Key: <your-api-key>

# Query parameter
GET /v1/cti/lookup/198.51.100.42?apikey=<your-api-key>
```
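As an added example (not ELLIO's own code), the following Python builds the header form of the lookup request and masks the apikey query parameter in log lines, since query strings are commonly written to access and proxy logs. The base URL and the ELLIO_API_KEY environment variable name are assumptions; the sample key and log line are constructed.

```python
import ipaddress
import os
import re
import urllib.request

# Assumption: placeholder host; the page gives only the path /v1/cti/lookup/<ip>.
BASE_URL = "https://api.example.invalid"

# Matches the apikey query parameter described above, in a URL or a log line.
_APIKEY_PARAM = re.compile(r"([?&]apikey=)[^&\s\"']+", re.IGNORECASE)


def redact_apikey(text: str) -> str:
    """Mask apikey=<value> so URLs can be logged without exposing the key."""
    return _APIKEY_PARAM.sub(r"\1[REDACTED]", text)


def build_lookup_request(ip: str, api_key: str,
                         base_url: str = BASE_URL) -> urllib.request.Request:
    """Build a CTI lookup request that carries the key in the X-API-Key header."""
    addr = ipaddress.ip_address(ip)  # ValueError on anything that is not an IP
    # Reject empty keys and whitespace (including CR/LF) before building a header.
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("API key is empty or contains whitespace")
    url = f"{base_url.rstrip('/')}/v1/cti/lookup/{addr}"
    return urllib.request.Request(url, headers={"X-API-Key": api_key}, method="GET")


def load_key(env_var: str = "ELLIO_API_KEY") -> str:
    """Read the key from the environment (hypothetical variable name)."""
    key = os.environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    return key


if __name__ == "__main__":
    req = build_lookup_request("198.51.100.42", "constructed-sample-key")
    print(req.get_method(), req.full_url)  # the key is not part of the URL
    # Constructed access-log line showing the query-parameter form.
    line = ('203.0.113.7 "GET /v1/cti/lookup/198.51.100.42'
            '?apikey=constructed-sample-key HTTP/1.1" 200')
    print(redact_apikey(line))
```
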
See also
- CTI API reference - every endpoint that consumes a key.
- Blocklist Automation API reference - every endpoint that consumes a key.
- Connectors - TAXII connectors use a separate credential set issued from the connector's setup page.