Generate User Api Token Using POST

Programmatically generate a user API token. The following restrictions are in place:

  1. 'All Roles' or high-privilege organization roles are not allowed as a scope for the new API token (a few exceptions apply).
  2. The organization ID in the access token (in headers) and in the ID token (in request body) should be the same.
  3. A maximum of 50 API tokens is allowed.
  4. In non-production environments it is possible to choose for which of your organizations to generate the token.

Access Policy

Role User Accounts Service Accounts (Client Credentials Applications)
All Roles ✔️
Request
URI
POST
https://{api_host}/csp/gateway/am/api/loggedin/user/api-tokens
Request Body
GenerateApiTokenRequestV2 of type(s) application/json
Required

{
    "allowedScopes": {},
    "idToken": "string",
    "refreshTokenTTL": 0
}
{
    "allowedScopes": {
        "generalScopes": [
            "string"
        ],
        "organizationScopes": {
            "allPermissions": false,
            "allRoles": false,
            "keptInToken": [
                "string"
            ],
            "permissions": [
                {
                    "permissionId": "string",
                    "resources": [
                        "string"
                    ]
                }
            ],
            "roles": [
                {
                    "name": "string",
                    "resource": "string"
                }
            ]
        },
        "servicesScopes": [
            {
                "allPermissions": false,
                "allRoles": false,
                "keptInToken": [
                    "string"
                ],
                "permissions": [
                    {
                        "permissionId": "string",
                        "resources": [
                            "string"
                        ]
                    }
                ],
                "roles": [
                    {
                        "name": "string",
                        "resource": "string"
                    }
                ],
                "serviceDefinitionId": "string"
            }
        ]
    },
    "idToken": "string",
    "notifyBeforeExpiry": 0,
    "orgId": "string",
    "refreshTokenTTL": 0,
    "tokenName": "string"
}
allowedScopes
Required

The allowed general, organization and service scopes of access.

string As ^[\p{Alnum}\-._ ]+$
idToken
Required

The ID token is a signed JWT returned from the authorization server. It contains the user's profile information, including the domain of the identity provider, which is used to obtain the identity provider URL. The token is an optimization that lets the application know the identity of the user without making any additional network requests. It can be generated via the Authorization Code flow only.

integer As int32
notifyBeforeExpiry
Optional

Number of days to notify before token expiration

string
orgId
Optional

ID of the organization for which to generate the token (if different from the logged-in user's organization). This functionality is allowed only for non-production environments.

integer As int32
refreshTokenTTL
Required

API Token Time To Live (TTL)

string
tokenName
Optional

The name of the API token. The value must be alphanumerical and can contain the following symbols -_.`':@&, and space. International characters are allowed.
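
The restrictions listed at the top of this page can be checked on the client before the POST is sent, so a request that would return 400 never leaves the caller. The following is an added example, not code from this API's documentation. The claim name context_name, the role name org_member, the TTL value and the sample tokens are assumptions or constructed values, and the count of existing tokens is assumed to be known to the caller.

```python
import base64, json, re

MAX_TOKENS = 50  # limit stated on this page
# tokenName charset from this page; the comma in its symbol list is read
# as punctuation, so commas are rejected here (assumption, stricter side).
TOKEN_NAME_RE = re.compile(r"[\w\-.`':@& ]+")

def jwt_claims(token):
    """Decode, without verifying, a JWT payload to compare claims locally."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def build_token_request(id_token, access_token, org_roles, ttl, name,
                        existing_tokens, org_claim="context_name"):
    """Return a GenerateApiTokenRequestV2 body or raise ValueError.
    org_claim is an assumed claim name; the page does not name it."""
    if existing_tokens >= MAX_TOKENS:
        raise ValueError("50 API tokens already exist")
    if not TOKEN_NAME_RE.fullmatch(name):
        raise ValueError("tokenName contains a disallowed character")
    if not org_roles:
        raise ValueError("list explicit roles; 'All Roles' is not allowed")
    access_org = jwt_claims(access_token).get(org_claim)
    if access_org is None or access_org != jwt_claims(id_token).get(org_claim):
        raise ValueError("organization ID differs between access and ID token")
    return {
        "allowedScopes": {"organizationScopes": {
            "allRoles": False,
            "allPermissions": False,
            "roles": [{"name": role} for role in org_roles],
        }},
        "idToken": id_token,
        "refreshTokenTTL": ttl,
        "tokenName": name,
    }

def sample_jwt(claims):
    """Constructed, unsigned token used only to exercise the checks."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.x"

if __name__ == "__main__":
    id_tok = sample_jwt({"context_name": "org-1"})
    body = build_token_request(id_tok, sample_jwt({"context_name": "org-1"}),
                               ["org_member"], 3600, "ci-readonly", existing_tokens=3)
    print(json.dumps(body, indent=2))
```

The local decode is only a pre-flight comparison; the server remains the authority on token validity and on which roles count as high privilege.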

Authentication
This operation uses the following authentication methods.
Responses
200

OK

Returns ApiTokenResponse of type(s) application/json
{
    "apiToken": "string"
}
string
apiToken
Optional

The value of the API token.


400

Max number of 50 user API Tokens reached | Invalid or expired idToken | Provided idToken does not belong to loggedin user | Authenticated Organization id and idToken organization id mismatch | High privilege organization scopes and 'All roles' scope not allowed

Returns CspErrorResponse of type(s) application/json
{
    "cspErrorCode": "string",
    "errorCode": "string",
    "message": "string",
    "moduleCode": 0,
    "requestId": "string",
    "statusCode": 0
}
string
cspErrorCode
Optional

cspErrorCode

string
errorCode
Optional

errorCode

string
message
Optional

message

integer As int32
moduleCode
Optional

moduleCode

string
requestId
Optional

requestId

integer As int32
statusCode
Optional

statusCode


401

The user is not authorized to use the API

Returns CspErrorResponse of type(s) application/json


403

IP auth policy violation

Returns CspErrorResponse of type(s) application/json


404

The requested resource could not be found

Returns CspErrorResponse of type(s) application/json


409

The request could not be processed due to a conflict

Returns CspErrorResponse of type(s) application/json


429

The user has sent too many requests

Returns CspErrorResponse of type(s) application/json


500

An unexpected error has occurred while processing the request

Returns CspErrorResponse of type(s) application/json