Generate User Api Token Using POST

Generate User Api Token Using POST

Programmatically Generate User Api Token. The following restrictions are in place: .

  1. 'All Roles' or high privilege organization roles are not allowed as a scope for the new API token (few exceptions apply)
  2. Organization ID in Access token (in headers) and ID token (in request body) should be the same.
  3. Maximum number of 50 API tokens is allowed.
  4. In non-production environments it is possible to choose for which of your organizations to generate token.

Access Policy

Role User Accounts Service Accounts (Client Credentials Applications)
All Roles ✔️
Request
URI
POST
https://{api_host}/csp/gateway/am/api/loggedin/user/api-tokens
COPY
Request Body
GenerateApiTokenRequestV2 of type(s) application/json
Required 
"GenerateApiTokenRequestV2 Object"
integer As int32 As int32
notifyBeforeExpiry
Optional

Number of days to notify before token expiration

string As ^[\p{Alnum}\-._ ]+$
idToken
Required

ID Token is signed JWT token returned from the authorization server and contains the user's profile information, includingthe domain of the identity provider. This domain is used to obtain the identity provider URL. This token is used for optimization so the application can know the identity of the user, without having to make any additional network requests. This token can be generated via the Authorization Code flow only.

string
tokenName
Optional
Constraints: minLength: 0 maxLength: 64

The name of the API token. The value must be alphanumerical and can contain the following symbols -_.`':@&, and space. International characters are allowed.

integer As int32 As int32
refreshTokenTTL
Required
Constraints: minimum: 1800

API Token Time To Live (TTL)

object
allowedScopes
Required

The allowed general, organization and service scopes of access.

string
orgId
Optional
Constraints: minLength: 0 maxLength: 255

Id of the organization for which to generate token (if different from the logged in user organization). This functionality is allowed only for non-production environments.

Authentication
This operation uses the following authentication methods.
Responses
200

OK

Returns ApiTokenResponse of type(s) application/json 
{
    "apiToken": "string"
}
string
apiToken
Optional

The value of the API token.


400

Max number of 50 user API Tokens reached | Invalid or expired idToken | Provided idToken does not belong to loggedin user | Authenticated Organization id and idToken organization id mismatch | High privilege organization scopes and 'All roles' scope not allowed

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


401

The user is not authorized to use the API

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


403

IP auth policy violation

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


404

The requested resource could not be found

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


409

The request could not be processed due to a conflict

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


429

The user has sent too many requests

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


500

An unexpected error has occurred while processing the request

Returns CspErrorResponse of type(s) application/json 
"CspErrorResponse Object"
string
cspErrorCode
Optional

cspErrorCode

string
message
Optional

message

string
errorCode
Optional

errorCode

string
requestId
Optional

requestId

integer As int32 As int32
moduleCode
Optional

moduleCode

integer As int32 As int32
statusCode
Optional

statusCode


Code Samples
COPY 
                    curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '[{}]' https://{api_host}/csp/gateway/am/api/loggedin/user/api-tokens
On This Page
Principal User Operations
GET
Get Loggedin User Organizations V2 Using GET
GET
Get Loggedin User Organizations Using GET
Deprecated
GET
Get Loggedin User Using GET
GET
Get Logged In User Roles On Organization By Organization Id Using GET
POST
Generate User Api Token Using POST
PUT
Set Default Organization Using PUT
Deprecated
GET
Get Logged In User Groups On Organization By Organization Id Using GET
GET
Get Logged In User Service Roles On Organization By Organization Id Using GET
GET
Get Logged In User Info Using GET