Learn how to create and manage service accounts in Soda Cloud to authenticate automated pipelines and API integrations without tying credentials to individual users.
Service accounts are organization-bound identities designed for automated pipelines and API integrations. Unlike regular users, they authenticate exclusively via API key. They have no email/password login and are not tied to any individual's SSO credentials.
Use service accounts when you want API keys that are independent of any individual user, for example in CI/CD pipelines, scheduled scans, or data engineering workflows.
A service account can...
A service account cannot
Run soda-core scans (results attributed to the service account)
Log in to the Soda Cloud UI
Call the Soda Cloud REST API
Participate in agreements, discussions, or incidents via the UI
Be assigned to datasets and user groups
Be used as agents (agents use their own API keys)
Receive notifications
Create and verify data contracts from a pipeline
Log incident activity via API
Create a service account
1
Navigate to Service Accounts
Click on your avatar > Organization Settings > Service Accounts tab
2
Create a new service account
Click on (top right) to create a new service account.
Enter a name and a unique email address for the service account, then confirm.
A unique email is required but it does not represent a real login.
3
Store the API key
Copy the API key that is displayed. This is the only time the key is shown. It cannot be retrieved after you navigate away.
Use the API key ID and secret as credentials wherever you would normally configure Soda API keys, for example in soda-core scan configurations or REST API calls.
Deactivate a service account
In the Service Accounts tab, open the context menu for the account and select Deactivate. The API key is immediately invalidated.
Note: Service accounts cannot be deleted by design. They are only deactivated until activated again.
Default permissions
New service accounts are automatically assigned a default role configured under Organization Settings > Global Roles > Responsibilities. This default role excludes UI-bound permissions that don't apply to non-human accounts.
You can also:
Add a service account to a user group to inherit that group's dataset permissions.
Assign a service account a direct dataset role via the dataset's Edit Responsibilities panel.
When both a group-inherited and a direct dataset role exist, the higher permission takes precedence.
You are not logged in to Soda and are viewing the default public documentation. Learn more about Documentation access & licensing.
