Generate User Api Token Using POST

Generate User Api Token Using POST

Programmatically Generate User Api Token. The following restrictions are in place: .

  1. 'All Roles' or high privilege organization roles are not allowed as a scope for the new API token (few exceptions apply)
  2. Organization ID in Access token (in headers) and ID token (in request body) should be the same.
  3. Maximum number of 50 API tokens is allowed.
  4. In non-production environments it is possible to choose for which of your organizations to generate token.

Access Policy

Role User Accounts Service Accounts (Client Credentials Applications)
All Roles ✔️
Request
URI
POST
https://{api_host}/csp/gateway/am/api/loggedin/user/api-tokens
COPY
Request Body
GenerateApiTokenRequestV2 of type(s) application/json
Required
{
    "allowedScopes": {
        "generalScopes": [
            "string"
        ],
        "organizationScopes": {
            "allPermissions": false,
            "allRoles": false,
            "keptInToken": [
                "string"
            ],
            "permissions": [
                {
                    "permissionId": "string",
                    "resources": [
                        "string"
                    ]
                }
            ],
            "roles": [
                {
                    "name": "string",
                    "resource": "string"
                }
            ]
        },
        "servicesScopes": [
            {
                "allPermissions": false,
                "allRoles": false,
                "keptInToken": [
                    "string"
                ],
                "permissions": [
                    {
                        "permissionId": "string",
                        "resources": [
                            "string"
                        ]
                    }
                ],
                "roles": [
                    {
                        "name": "string",
                        "resource": "string"
                    }
                ],
                "serviceDefinitionId": "string"
            }
        ]
    },
    "idToken": "string",
    "notifyBeforeExpiry": 0,
    "orgId": "string",
    "refreshTokenTTL": 0,
    "tokenName": "string"
}
allowedScopes
Required

allowedScopes

string As ^[\p{Alnum}\-._ ]+$
idToken
Required

ID Token is signed JWT token returned from the authorization server and contains the user's profile information, includingthe domain of the identity provider. This domain is used to obtain the identity provider URL. This token is used for optimization so the application can know the identity of the user, without having to make any additional network requests. This token can be generated via the Authorization Code flow only.

integer As int32 As int32
notifyBeforeExpiry
Optional

Number of days to notify before token expiration

string
orgId
Optional

Id of the organization for which to generate token (if different from the logged in user organization). This functionality is allowed only for non-production environments.

integer As int32 As int32
refreshTokenTTL
Required

API Token Time To Live (TTL)

string
tokenName
Optional

The name of the API token. The value must be alphanumerical and can contain the following symbols -_.`':@&, and space. International characters are allowed.

Authentication
This operation uses the following authentication methods.
Responses
200

OK

Returns ApiTokenResponse of type(s) application/json
{
    "apiToken": "string"
}
string
apiToken
Optional

The value of the API token.


400

Max number of 50 user API Tokens reached | Invalid or expired idToken | Provided idToken does not belong to loggedin user | Authenticated Organization id and idToken organization id mismatch | High privilege organization scopes and 'All roles' scope not allowed

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode


401

The user is not authorized to use the API

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode


403

IP auth policy violation

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode


404

The requested resource could not be found

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode


409

The request could not be processed due to a conflict

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode


429

The user has sent too many requests

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode


500

An unexpected error has occurred while processing the request

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32 As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32 As int32
statusCode
Optional

statusCode