Access Tokens Management
Design Item ID: DI-Portal-PS-003
Design Item Name: Access Tokens Management
Related Design Items:
Related API:
- Package API keys list retrieve (GET /api/v4/packages/{packageId}/apiKeys)
- Get list of available roles for package (GET /api/v2/packages/{packageId}/availableRoles)
- Get users list (GET /api/v2/users)
- Create a package API Key (POST /api/v4/packages/{packageId}/apiKeys)
- Delete package API Key (DELETE /api/v2/packages/{packageId}/apiKeys/{id})
Revision History:
| Date | Description |
|---|---|
The functionality lets a user generate an API key for the current package. An API key is valid for the package of any kind (package, dashboard, group, workspace) for which it was generated and for all of its child groups/packages/dashboards. The key has no expiration period, and it must be stored on the client side: it is shown only once, right after generation, and the user cannot view it again.
- GET /api/v4/packages/{packageId}/apiKeys - requires the access_token_management permission for workspace/group/package/dashboard-level API keys; for system API keys, a system administrator role is required
- GET /api/v2/users - requires a system administrator role or a role with the user_access_management permission in any package
- User navigates to APIHUB Portal → specific workspace settings.
- User navigates to APIHUB Portal → specific workspace → specific group settings.
- User navigates to APIHUB Portal → specific workspace → specific group → specific package/dashboard settings.
(From here on, this page uses the word “package” to mean all kinds of packages.)
- User opens Access Tokens tab.
- The system opens Access Tokens page and displays the list of all generated access tokens for the current package.
- API to show list of access tokens – GET /api/v4/packages/{packageId}/apiKeys
- packageId = Id of current package
- For each API key, the system shows the following information:
- Name – API key name
- Roles – Role with the set of permissions available for the API key
- Create At – Date of API key creation
- Create By – User who created the API key
- Created For – User for whom the API key was created (owner of the API key)
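
Because keys have no expiration period, the key list described above is the only place to spot keys that should be rotated or deleted. The following added example (not part of the APIHUB code) audits such a list; the JSON field names, role names, sample records and the 90-day review window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Field names are assumed: the page lists the displayed columns, not the JSON schema.
def parse_ts(value):
    """Parse an ISO 8601 timestamp; return None if absent or malformed."""
    try:
        ts = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def audit_keys(keys, now, max_age_days=90, privileged_roles=frozenset({"admin"})):
    """Return sorted (key name, finding) pairs for a key inventory."""
    findings = []
    for key in keys:
        name = key.get("name", "<unnamed>")
        created = parse_ts(key.get("createdAt"))
        if created is None:
            # Age cannot be judged, so surface the key instead of skipping it.
            findings.append((name, "no-valid-creation-date"))
        elif now - created > timedelta(days=max_age_days):
            # Keys never expire on their own; old ones stay valid until deleted.
            findings.append((name, "older-than-rotation-window"))
        if key.get("createdBy") != key.get("createdFor"):
            # Generated by one user on behalf of another owner.
            findings.append((name, "issued-for-another-user"))
        if privileged_roles & set(key.get("roles") or []):
            findings.append((name, "privileged-role"))
    return sorted(findings)

# Constructed sample inventory (hypothetical users and roles, not real APIHUB output).
SAMPLE_KEYS = [
    {"name": "ci-publish", "roles": ["editor"], "createdAt": "2023-01-10T08:00:00Z",
     "createdBy": "alice", "createdFor": "alice"},
    {"name": "report-bot", "roles": ["viewer"], "createdAt": "2024-05-20T12:30:00Z",
     "createdBy": "alice", "createdFor": "svc-reports"},
    {"name": "migration", "roles": ["admin"], "createdAt": None,
     "createdBy": "bob", "createdFor": "bob"},
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name, finding in audit_keys(SAMPLE_KEYS, now):
        print(f"{name}: {finding}")
```
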
To create a new API key:
- User fills the following fields:
- Name (required) – API key name must be unique within the current package. If there is another key with the same name, then the system shows an error message: API key with name already exists
- Roles (optional) – The role(s) that will be available for the API key. If the user does not specify a role, the key gets the same role(s) as the user who generated the token.
- API to get list of available roles for a package – GET /api/v2/packages/{packageId}/availableRoles
- packageId = Id of current package
- Created For (required) – The user who will be the owner of the API key. By default, the field is predefined with the current user.
- API to get list of users – GET /api/v2/users
- User fills the required fields and clicks Generate button.
- The system generates the key and shows it. If the user leaves the page or reloads it, the token will not be shown again.
- API to create package access token – POST /api/v4/packages/{packageId}/apiKeys
- packageId = Id of current package
- User clicks the copy icon in the Personal access token field.
- The system copies the key to the clipboard.
To delete an API key:
- User hovers over the row with the required key and clicks Delete button.
- The system deletes the appropriate key.
- API to delete access token – DELETE /api/v2/packages/{packageId}/apiKeys/{id}
- id = id of current API key
- packageId = Id of current package
If the user does not have the access_token_management permission, then:
- Name field will be disabled.
- Created For field will be disabled.
- Generate button will be disabled, and the tooltip You do not have permission to generate token will be displayed when the user hovers over the disabled button.
- Delete button will be disabled, and the tooltip You do not have permission to delete the token will be displayed when the user hovers over the disabled button.