PAM-CMN-4814 error when trying to add missing API key for MCApiUser
search cancel

PAM-CMN-4814 error when trying to add missing API key for MCApiUser


Article ID: 244168


Updated On:


CA Privileged Access Manager (PAM)


I tried to add API key but I get the following error:



Release : 4.1, may be observed on 4.0 as well



This is an internal user that is expected to have an Api Key associated with it. It is uncommon that this key is missing, but that has been observed in at least one environment.


The solution is to add the key using the Rest API with an API key that has Global Administrator rights:

1) Get the user ID of the MCApiUser user:

Go to Settings > API Doc, expand "users", expand the first GET call (GET /api.php/v1/users.json) and enter "MCApiUser" in the Username field. Click "Try it out!" and provide API key credentials with sufficient rights. This will return basic user information including the user ID.

2) Update the user as follows:

Under "users" on Settings > API Doc expand "PUT /api.php/v1/users.json". Enter the following body, replacing <MCApiUser ID> with the ID found in step 1.

  "userId": "<MCApiUser ID>",
  "apiKeys": [
      "apiKeyId": "0",
      "name": "MCApiKey",
      "description": "API key for collecting data for PAM Management Console.",
      "isActive": "t",
      "roles": [
          "roleId": "21",
          "userGroups": [0],
          "deviceGroups": [0]

Additional Information

While the problem persists, the Management Console gets conflicting information about the cluster, including which node has the role of Aggregator. You may need to delete the cluster configuration on the Management Console and define it new after adding the API key.