Solved: Monitoring Apps and missing API keys permission - Qlik Community

Thomas23

Hi,

We’ve installed the Monitoring Apps in Qlik Cloud. This was done using the automation template. Today, I tried to install the latest version, but I got an error message saying the template is outdated.

So I created and ran the new automation template, “Qlik Cloud Monitoring Apps Deployer.” Then I got the error message: “Error: Missing api-keys permission on executing user. Assign this permission and try again."

However, I can manually create an API key in the Tenant Management Console.

I found online that you need to create a new role and grant that role the “Managed API keys” permission.

I’ve already done all of that, but I still can’t run the automation.

What could be causing this?

Best regards,

Thomas

Levi_Turner

There are a couple of considerations which may have open issues which will be solved in the future. Ensure that there is a direct (aka non group, and not user default) assignment to a role which has the API key scope.

View solution in original post

Eduardo_Monteiro

Hi @Thomas23

1 - Please confirm your custom role has the right permission
In the Administration activity center, go to Manage users → Permissions, open your custom role, and confirm "Manage API keys" is set to Allow (not just present, but explicitly allowed).

2 - Confirm the role is assigned to your user account
In the Administration activity center, go to Manage users, click your user, go to the Roles tab, and verify the custom role appears there. It's easy to assign the role to a group or another user and miss your own account.

3 - Check if the "Developer role" deprecation affected you
Qlik removed the legacy Developer role in late 2025. Users who previously relied on that role and haven't been migrated to a custom role with "Manage API keys = Allow" will find their API keys disabled, with 3rd-party integrations failing. If your account was previously using the Developer role for this, that path no longer works — only the custom role approach is valid now.

4 - Verify the automation is running as the correct user
The automation runs under the identity of the user who owns it. Make sure the automation was created by (and is owned by) the same account that has the custom role assigned. If someone else created it and transferred it to you, it may still be executing under the original owner's identity.

5 - Space membership
There can also be a rights issue related to the space where the apps are being deployed. Make sure the executing user has Can Manage access on the target shared space, not just Can Edit.

Eduardo Monteiro - Senior Support Engineer @ IPC Global
Follow me on my LinkedIn | Know IPC Global at ipc-global.com

Levi_Turner

There are a couple of considerations which may have open issues which will be solved in the future. Ensure that there is a direct (aka non group, and not user default) assignment to a role which has the API key scope.

Thomas23

Hi Levi,

That's it.
You have to assign the role to the user, not the group.
I don't understand why that has to be the case, though. In other applications, roles and permissions are also assigned via groups.

Best regards
Thomas

Levi_Turner

Think of it as a limit to the automation, not to the platform. It's in the queue to get fixed!