Managing tokens
Use the DevOps API to generate or revoke an application token for specific roles.
You can use the DevOps API to perform the actions which are available to you through your role permissions.
The following roles can use the application token to use the DevOps api-reference:
-
Organization Administrator
-
Database Administrator
Prerequisites
-
Create an application token to authenticate your service account in the DevOps API.
-
Once you have authenticated your service account, you can create and revoke tokens the DevOps API.
Alternative token management option
|
As an alternative to the DevOps API, consider using the Astra DB Plugin for HashiCorp Vault, for dynamic token management via |
Specifically, you can:
-
Define a default lease time
-
Create new tokens with lease settings
-
List tokens by each one’s Client ID
-
View lease details
-
List all leases
-
Renew a lease
-
Revoke a token/lease before the lease expires
-
Delete a token
Generating a token for client
-
Get all clients within the organization:
-
cURL command (/v2)
-
Result
curl --request GET \ --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'{"clients":[ {"clientId":"DkFtHKMhDQDuQtlExkSzwbya", "roles":["21ef3576-0197-415a-b167-d510af12ecf0"], "generatedOn":"2021-02-22T17:09:58.668Z"}, {"clientId":"eYSboCJaESiblJZnKZWMxROv", "roles":["21ef3576-0197-415a-b167-d510af12ecf0"], "generatedOn":"2021-04-28T18:49:11.323Z"} ]} -
-
Create an application token for a specific client:
-
cURL command (/v2)
-
Result
curl --request POST \ --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>' \ --data '{"roles": ["<roleId>"]}'{ "clientId":"zjCEYwRGWocLfQJHBNQxvorr", "secret":"SLR.cllL1YzfJDnl+YhUv5DMKlx8HaeMFTKjIJ4I6YdKB7w-K7U_+j-a9daWbbcp0uugXW,hb.3J2S0PPqDNhT6+oUiPYYaI+,xuwm2O97.ZpHcYvCsnlrTyl8w1pH-0", "orgId":"dccb8c32-cc2a-4bea-bd95-47ab8eb20510", "roles":["21ef3576-0197-415a-b167-d510af12ecf0"], "token":"AstraCS:zjCEYwRGWocLfQJHBNQxvorr:8709074baaf63e746cc5de52891e3a5ca88c73ae1fb7336652e9b59b9e69eff2", "generatedOn":"2021-04-30T19:38:26.147847107Z" } -
|
For the |
Also refer to Generate token for client in the DevOps API.
Removing a token
|
When you remove a token, all users and roles assigned to that role will no longer have access. |
-
Get a list of the available client IDs and secrets for your organization:
-
cURL command (/v2)
-
Result
curl --request GET \ --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'{"clients":[ {"clientId":"DkFtHKMhDQDuQtlExkSzwbya", "roles":["21ef3576-0197-415a-b167-d510af12ecf0"], "generatedOn":"2021-02-22T17:09:58.668Z"}, {"clientId":"eYSboCJaESiblJZnKZWMxROv", "roles":["21ef3576-0197-415a-b167-d510af12ecf0"], "generatedOn":"2021-04-28T18:49:11.323Z"} ]} -
-
Remove a token for a specific client ID:
curl --request DELETE \ --url 'https://api.astra.datastax.com/v2/clientIdSecrets/<clientID>' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>' -
Get a list of the available client IDs and secrets for your organization to confirm it was removed:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
For more, see Revoke a token in the DevOps API.
