Manage tokens with the DevOps API

Use the DevOps API to generate or revoke an application token for specific roles.

You can use the DevOps API to perform the actions which are available to you through your role permissions.

The following roles can use the application token to use the DevOps API:

  • Organization Administrator

  • Database Administrator

Prerequisites

  1. Create an application token to authenticate your service account in the DevOps API.

  2. Once you have authenticated your service account, you can create and revoke tokens with the DevOps API.

Generate a token for client

  1. Get all clients within the organization:

    • cURL command (/v2)

    curl --request GET \
     --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'

    • Result

    {"clients":[
    	{"clientId":"DkFtHKMhDQDuQtlExkSzwbya",
    		"roles":["21ef3576-0197-415a-b167-d510af12ecf0"],
    		"generatedOn":"2021-02-22T17:09:58.668Z"},
    	{"clientId":"eYSboCJaESiblJZnKZWMxROv",
    		"roles":["21ef3576-0197-415a-b167-d510af12ecf0"],
    		"generatedOn":"2021-04-28T18:49:11.323Z"}
    ]}

  2. Create an application token for a specific client:

    • cURL command (/v2)

    curl --request POST \
     --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --header 'Authorization: Bearer <application_token>' \
     --data '{"roles": ["<roleId>"]}'

    • Result

    {
      "clientId":"zjCEYwRGWocLfQJHBNQxvorr",
      "secret":"SLR.cllL1YzfJDnl+YhUv5DMKlx8HaeMFTKjIJ4I6YdKB7w-K7U_+j-a9daWbbcp0uugXW,hb.3J2S0PPqDNhT6+oUiPYYaI+,xuwm2O97.ZpHcYvCsnlrTyl8w1pH-0",
      "orgId":"dccb8c32-cc2a-4bea-bd95-47ab8eb20510",
      "roles":["21ef3576-0197-415a-b167-d510af12ecf0"],
      "token":"AstraCS:zjCEYwRGWocLfQJHBNQxvorr:8709074baaf63e746cc5de52891e3a5ca88c73ae1fb7336652e9b59b9e69eff2",
      "generatedOn":"2021-04-30T19:38:26.147847107Z"
    }

For more, see Generate token for client in the DevOps API.

Remove a token

When you remove a token, all users and roles assigned to that role will no longer have access.

  1. Get a list of the available client IDs and secrets for your organization:

    • cURL command (/v2)

    curl --request GET \
     --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'

    • Result

    {"clients":[
    	{"clientId":"DkFtHKMhDQDuQtlExkSzwbya",
    		"roles":["21ef3576-0197-415a-b167-d510af12ecf0"],
    		"generatedOn":"2021-02-22T17:09:58.668Z"},
    	{"clientId":"eYSboCJaESiblJZnKZWMxROv",
    		"roles":["21ef3576-0197-415a-b167-d510af12ecf0"],
    		"generatedOn":"2021-04-28T18:49:11.323Z"}
    ]}

  2. Remove a token for a specific client ID:

    curl --request DELETE \
     --url 'https://api.astra.datastax.com/v2/clientIdSecrets/<clientID>' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'

  3. Get a list of the available client IDs and secrets for your organization to confirm it was removed:

    curl --request GET \
     --url 'https://api.astra.datastax.com/v2/clientIdSecrets' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'

For more, see Revoke a token in the DevOps API.
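
The following is an added example, not part of the original page or the DevOps API itself: it parses the list response from step 1 to find tokens past a rotation age and builds the DELETE URL from step 2 for each. The function names, the 30-day threshold and the fixed `now` value are assumptions, as is the alphanumeric check on client IDs, which is based only on the sample IDs shown above.

```python
import json
import re
from datetime import datetime, timedelta, timezone

API = "https://api.astra.datastax.com/v2/clientIdSecrets"
# Constructed sample: the list response shown in step 1 above.
SAMPLE = """{"clients":[
 {"clientId":"DkFtHKMhDQDuQtlExkSzwbya","roles":["21ef3576-0197-415a-b167-d510af12ecf0"],"generatedOn":"2021-02-22T17:09:58.668Z"},
 {"clientId":"eYSboCJaESiblJZnKZWMxROv","roles":["21ef3576-0197-415a-b167-d510af12ecf0"],"generatedOn":"2021-04-28T18:49:11.323Z"}
]}"""
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_generated_on(value):
    """Parse generatedOn; the page shows millisecond and nanosecond precision."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected generatedOn format: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))  # truncate to microseconds
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def stale_clients(response_text, now, max_age_days=30):
    """Return (clientId, age_in_days) for tokens older than max_age_days, oldest first."""
    stale = []
    for client in json.loads(response_text).get("clients", []):
        age = now - parse_generated_on(client["generatedOn"])
        if age > timedelta(days=max_age_days):
            stale.append((client["clientId"], age.days))
    return sorted(stale, key=lambda item: -item[1])

def revoke_url(client_id):
    """Build the DELETE URL; reject IDs that could alter the request path (assumed format)."""
    if not re.fullmatch(r"[A-Za-z0-9]+", client_id):
        raise ValueError(f"refusing unexpected clientId: {client_id!r}")
    return f"{API}/{client_id}"

if __name__ == "__main__":
    now = datetime(2021, 5, 1, tzinfo=timezone.utc)  # fixed so the output is reproducible
    for cid, days in stale_clients(SAMPLE, now):
        print(f"{days:>4}d  DELETE {revoke_url(cid)}")
```

Run it against saved output from the GET call and review the listed client IDs before issuing any DELETE, since the list response does not show which service depends on each token.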

What’s next?

You can now use your token to connect to the Astra DB APIs. See more about the available APIs: