Service Accounts
Access model for service accounts in the REST API.
Service accounts are non-user identities for automation and server-to-server workflows.
Creation permissions
Service accounts can be created by workspace Owner or Admin roles. Workspace Member role cannot create service accounts.
Access model
Service account access is configured in two layers:
- Workspace-level access for workspace resources and global capabilities.
- Individual access for specific projects and environments.
This lets you combine broad workspace permissions with explicit per-project and per-environment access assignments.
API key permissions
All API keys created for a service account share the same permissions as that service account.
IP allowlist
IP allowlist is configured at the service account level and is shared across all API keys created for that service account.