Skip to main content

Access Tokens

[API Docs] [SDK]

info

To call epilot APIs, requests must be authorized using a valid Access Token.

Using Access Token Authorization

The access token should be passed in the Authorization request header.

Authorization: Bearer <your-access-token>

Creating Access Tokens

Users logged into the epilot 360 portal can manage their Access Tokens from Settings > Access Tokens.

Creating access tokens requires the token:create permission.

Access Token Link via Configuration Menu

When creating an Access Token, the token inherits the roles and permissions of the logged in user.

Access Token create view

note

The generated token is shown only once and must be saved by the user.

Revoking Access Tokens

Access Tokens can be deleted from the management view to revoke them.

After revoking a token, it cannot be used anymore to call epilot APIs.

Access Token management view

caution

epilot doesn't store and cannot recover lost or revoked access tokens.

Access Token API

Authenticated users can generate long-term access tokens for 3rd party applications using the epilot Access Token API createAccessToken operation.

POST /v1/access-tokens
{
"name": "Token for my application"
}

Optionally, you can pass a list of Role IDs, to define the roles the access token will have access to. By default, the access token inherits the caller's roles.

POST /v1/access-tokens
{
"name": "Postman Access Token",
"assume_roles": ["123:owner"]
}

Each Access Token generated via the API gets a generated a unique ID.

// 201 - success
{
"id": "api_5ZugdRXasLfWBypHi93Fk",
"created_at": "2019-08-24T14:15:22Z",
"name": "Postman Access Token",
"assignments": ["123:owner"]
}

Access tokens may also be revoked using the revokeAccessToken operation

DELETE /v1/access-tokens/api_5ZugdRXasLfWBypHi93Fk
// 200 - success
{
"id": "api_5ZugdRXasLfWBypHi93Fk",
"created_at": "2019-08-24T14:15:22Z",
"name": "Postman Access Token",
"assignments": ["123:owner"]
}