Create Token

Invoke the create-token operation

Create a token as

Security: accessToken
Request
query Parameters
site
string

Send the request to the specified site

Request Body schema:
ttl
string <duration>

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>h][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

The token will be valid for the duration specified in ttl. Infinite tokens are not allowed.

meta
object

Metadata such as email, phone number, office etc can be associated with the new token.

policies
Array of strings <name>

Policies to associate with the token. Must be a subset of the policies the issuing token has.

no-parent
boolean
Default: false

The token will be revoked as soon as the issuing token expires, unless no-parent is set to true. I.e., with no-parent set to true, the resulting token will have the orphan field set to true. Root privileges are required to set this to true.

no-default-policy
boolean
Default: false

Add default policy unless this field is set to true.

display-name
string
bound-cidrs
Array of strings <ip-address-and-prefix-length>
  • ipv4-address-and-prefix-length: The ipv4-address-and-prefix-length type represents a combination of an IPv4 address and a prefix length. The prefix length is given by the number following the slash character and must be less than or equal to 32. For example 192.168.131.0/24.
  • ipv6-address-and-prefix-length: The ipv6-address-and-prefix-length type represents a combination of an IPv6 address and a prefix length. The prefix length is given by the number following the slash character and must be less than or equal to 128. For example fe80::42:b6ff:feff:2f3/64.

The ip-address-and-prefix-length type represents a combination of an IP address and a prefix length and is IP version neutral. The format of the textual representations implies the IP version.

This field can be used to limit the IP addresses that are allowed to use the token.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

POST /v1/state/strongbox/token/create-token
Request samples
ttl: 1d
meta:
  username: joe@acme.com
policies:
  - user
no-parent: true
no-default-policy: true
display-name: joe-git
bound-cidrs:
  - 192.168.1.0/24
Response samples
accessor: 9bb6b18e-50bb-45d7-a09d-16e75a3d7875
token: 6730b1a2-2ace-4357-b8be-c37e594bba45
creation-time: 2022-01-13T10:32:06.527959Z
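
A client-side pre-flight check for the create-token request body, added here as an example; it is not part of the API or the vendor's code. It enforces the constraints described above (finite ttl, policies a subset of the issuing token's, bound-cidrs present) before anything is sent. Assumptions: 1y counts as 365 days, the caller passes its own policy list as issuer_policies, max_ttl is a local cap, and the function names are hypothetical.

```python
import ipaddress
import re

# TTL grammar from this page: optional y, d, h, m, s parts in that order.
_TTL_RE = re.compile(r"^(?:(\d+)y)?(?:(\d+)d)?(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$")
_UNIT_SECONDS = (365 * 86400, 86400, 3600, 60, 1)  # assumption: 1y = 365d


def ttl_seconds(ttl):
    """Convert a ttl such as '1y2d5h' to seconds; reject empty or zero values."""
    m = _TTL_RE.match(ttl)
    if not ttl or m is None:
        raise ValueError(f"malformed ttl: {ttl!r}")
    total = sum(int(n) * s for n, s in zip(m.groups(), _UNIT_SECONDS) if n)
    if total == 0:
        raise ValueError("ttl must be a positive duration")
    return total


def build_create_token_body(ttl, policies, issuer_policies, bound_cidrs,
                            display_name, max_ttl="1d"):
    """Return the request body as a dict, or raise ValueError on a bad field."""
    if ttl_seconds(ttl) > ttl_seconds(max_ttl):
        raise ValueError(f"ttl {ttl} exceeds local cap {max_ttl}")
    extra = set(policies) - set(issuer_policies)
    if extra:
        raise ValueError(f"policies not held by issuing token: {sorted(extra)}")
    if not bound_cidrs:
        raise ValueError("refusing to create a token usable from any address")
    for cidr in bound_cidrs:
        # strict=False: the type is address-and-prefix, so host bits may be set.
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            raise ValueError(f"{cidr} matches every address")
    # no-parent is left at its default (false) so the new token is revoked
    # together with the issuing token.
    return {
        "ttl": ttl,
        "policies": list(policies),
        "no-default-policy": True,
        "display-name": display_name,
        "bound-cidrs": list(bound_cidrs),
    }
```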

Invoke the list-accessors operation

List accessors associated with the same entity as the caller.

Security: accessToken
Request
query Parameters
site
string

Send the request to the specified site

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

POST /v1/state/strongbox/token/list-accessors
Response samples
accessors:
  - accessor: 05bf7506-cc46-47fa-8ed0-041a4922701a
    display-name: userpass-joe@acme.com
  - accessor: d0596eaa-a798-4062-8688-64fa2818e09b
    display-name: userpass-joe@acme.com