API Tokens
API Tokens provide a secure way of accessing FlexDeploy REST APIs by protecting user credentials.
API Tokens are randomly generated secure strings that can be used as replacements for a user’s password when accessing FlexDeploy REST API. This is the preferred method of authentication as personal passwords are not sent over the network.
FlexDeploy 7.0 supports this functionality for internal as well as external users.
Generating a New Token
To generate a new token, click on your profile picture in the upper right-hand corner of the header and select Profile and then click on Tokens on the left side. On the API Tokens page, click on Add Token button at the bottom of the list.
This will open a popup where you can provide a name for the token and an expiration date.
Save and Copy the token.
Once this popup is closed you will NEVER be able to view the token value again, so keep it in a safe place.
Using a Token
Once generated a token can be used as a direct replacement for the user’s password.
CURL Example
curl -u "joel:wA5h-or8IHwCx5__IGdMgdEMf1NtGQdV" http://flexdeployhost:8000/flexdeploy/rest/v2/project
Postman Example
Token Metadata
The token itself has certain metadata associated to it to help provide more insightful tracing and debugging of a token.
Field | Description |
---|---|
Token Name | This is for display only and to help you recognize tokens after they have been created. The name should closely resemble how you intend to use the token. |
Expiration Date | A token can no longer be used once the Expiration Date has been reached. It is possible to define a token with no expiration, though it is not recommended. |
Last Accessed On | This provides a timestamp of when the token was last used. You can use this for both monitoring suspicious activity and determining if a token is still in use. |
Last Accessed Origin | This shows the IP address from where the token was last used. Similar to Last Accessed On, this can be used to monitor suspicious activity. |
- style