Managing user API keys
Under the hood PANDA relies on API Keys to allow users to access the application. These keys also allow the user to :doc:`programmatically access PANDA <api>` if they have the know-how. Every user is automatically issued an API key when they are created. It is not possible to use PANDA without a valid API key.
From time to time it may be necessary to revoke a user's API key and issue them a new one. Normally you would want to do this if you were concerned that their key had been leaked to a third-party or otherwise compromised by someone who should not have access.
If it is the user whom you are trying to keep from accessing PANDA, the right way to do so is to deactivate their account. The only reason to delete a user's API key is if you plan on creating a new one for them.
To regenerate a user's API key go to the user admin page:
localhost:8000 with your PANDA's domain name.
Select a user from the list and scroll down to the bottom of their page. Check the Delete checkbox on the right-hand side of the "Api Keys" section. Click "Save and continue editing".
Scroll to the bottom of the page once more and click "Add another Api Key". Click "Save". Your user now has a new, valid API key and the old one can no longer be used to access your PANDA.