Authorization Tokens

Authorization Tokens are generated by a user who has been given the capability to access the API from a third-party service. The token is a proxy for the user, so each action performed with the token is treated as if it were done by the user who created the token.

Basic Operations

Basic operations of Create, List, and Update are available for tokens. Note: A token may not be destroyed, as the token string itself remains valid for its validity period. We instead support blocklisting.

List all Tokens

Call /authorization/token to get all authorization tokens.

Request Object

+ URL
  /api/v2/authorization/token

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with each authorization token in the system.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 1,
      "hostid": "09e3b2bd",
      "username": "open",
      "token_name": "od-token-Sat_Sep_12_2020",
      "enabled": true,
      "systemAuth": false,
      "token": "token.redacted.indocumentaion",
      "createdAt": "2020-09-12T21:07:50.141Z",
      "updatedAt": "2020-09-12T21:07:50.141Z",
      "expiresAt": "1600549670138"
    },
    {
      "id": 2,
      "hostid": "09e3b2bd",
      "username": "open",
      "token_name": "od-token-Mon_Sep_21_2020",
      "enabled": true,
      "systemAuth": false,
      "token": "token.redacted.indocumentaion",
      "createdAt": "2020-09-21T18:40:35.117Z",
      "updatedAt": "2020-09-21T18:40:35.117Z",
      "expiresAt": "1601318435112"
    }
  ]

Get token by User

You can also request all tokens generated by a specific user.

Request Object

+ URL
  /api/v2/authorization/token/$USERNAME/details

+ Method
  GET

+ Parameters
  user name (string, required, URL param) - the username of the user who generated the token

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  [
    {
      "id": 1,
      "hostid": "09e3b2bd",
      "username": "open",
      "token_name": "od-token-Sat_Sep_12_2020",
      "enabled": true,
      "systemAuth": false,
      "token": "docoumentation.tokensarentactuallyreal.tokensbutfillertext",
      "createdAt": "2020-09-12T21:07:50.141Z",
      "updatedAt": "2020-09-12T21:07:50.141Z",
      "expiresAt": "1600549670138"
    },
    {
      "id": 2,
      "hostid": "09e3b2bd",
      "username": "open",
      "token_name": "od-token-Mon_Sep_21_2020",
      "enabled": true,
      "systemAuth": false,
      "token": "docoumentation.tokensarentactuallyreal.tokensbutfillertext",
      "createdAt": "2020-09-21T18:40:35.117Z",
      "updatedAt": "2020-09-21T18:40:35.117Z",
      "expiresAt": "1601318435112"
    },
    {
      "id": 3,
      "hostid": "09e3b2bd",
      "username": "bob_bobson",
      "token_name": "bob_bobsons_new_token",
      "enabled": true,
      "systemAuth": false,
      "token": "docoumentation.tokensarentactuallyreal.tokensbutfillertext",
      "createdAt": "2020-09-28T17:22:21.334Z",
      "updatedAt": "2020-09-28T17:22:21.334Z",
      "expiresAt": "1601317341332"
    }
  ]

Response Object

Sending this should get you back a valid response, an array with each token belonging to that user in the system.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 1,
      "hostid": "09e3b2bd",
      "username": "open",
      "token_name": "od-token-Sat_Sep_12_2020",
      "enabled": true,
      "systemAuth": false,
      "token": "token.redacted.indocumentaion",
      "createdAt": "2020-09-12T21:07:50.141Z",
      "updatedAt": "2020-09-12T21:07:50.141Z",
      "expiresAt": "1600549670138"
    },
    {
      "id": 2,
      "hostid": "09e3b2bd",
      "username": "open",
      "token_name": "od-token-Mon_Sep_21_2020",
      "enabled": true,
      "systemAuth": false,
      "token": "token.redacted.indocumentaion",
      "createdAt": "2020-09-21T18:40:35.117Z",
      "updatedAt": "2020-09-21T18:40:35.117Z",
      "expiresAt": "1601318435112"
    }
  ]

Create an Authorization Token

You may create an authorization token for yourself, or if you have elevated privileges, for any valid user.

Request Object

+ URL
  /api/v2/authorization/token/create

+ Method
  POST

+ Parameters
  username (string, required, Body) - the username of the user you wish to give a token; must be yourself if you do not have the privilege 'token:manage'
  tokenName (string, required, Body) - a unique name to give the token
  expiresIn (string, optional, Body) - a JWT time string such as '1y' '10m' etc.
  enabled (boolean, optional, Body) - disabled tokens will be rejected when making calls

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "username": "bob_bobson",
    "tokenName": "test12345"
  }

Response Object

Sending this should get you back a valid response, an array containing the newly created token.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 6,
      "hostid": "09e3b2bd",
      "username": "bob_bobson",
      "token_name": "test12345",
      "enabled": false,
      "systemAuth": false,
      "token": "wowwhatacool.newtokenforbobbobson.only",
      "createdAt": "2020-09-28T18:17:44.502Z",
      "updatedAt": "2020-09-28T18:17:44.502Z",
      "expiresAt": "1632874664500"
    }
  ]

Update an Authorization Token

You can only update the token name and the enabled field after creating a token.

Request Object

+ URL
  /api/v2/authorization/token/update/$AUTH_ID

+ Method
  POST

+ Parameters
  auth id (number, required, URL param) - the identifier for the authorization token
  tokenName (string, required, Body) - a unique name to give the token
  enabled (boolean, optional, Body) - disabled tokens will be rejected when making calls

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "tokenName": "test6789",
    "enabled": false
  }

Response Object

Sending this should get you back a valid response, an array containing the newly updated token.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
      "id": 6,
      "hostid": "09e3b2bd",
      "username": "bob_bobson",
      "token_name": "test6789",
      "enabled": false,
      "systemAuth": false,
      "token": "wowwhatacool.newtokenforbobbobson.only",
      "createdAt": "2020-09-28T18:17:44.502Z",
      "updatedAt": "2020-09-28T18:17:44.502Z",
      "expiresAt": "1632874664500"
    }
  ]

Destroy an Authorization Token

You cannot destroy an authorization token. Why? Because once a token is created, the text of the token leaves the control of the Atlas system, and the token text is like a key to a lock. The only way to prevent a key from opening a lock, once you lose control of who has the key, is to change your locks.

Luckily, we allow you to set any generated authorization token to 'disabled', which will blocklist that particular key from your system. For this to work, we cannot allow you to delete keys from your system once they are generated. Please use Authorization Tokens with care!
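
Because disabling is the only revocation path, a periodic review of the List response is useful. The following is an added example, not OpenDrives code: it finds tokens that are still usable, flags those issued for longer than a policy threshold, and builds the Update request that disables them. The sample records, the function names and `MAX_LIFETIME_DAYS` are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the "List all Tokens" response on this page.
SAMPLE_LIST = json.loads("""[
 {"id": 1, "username": "open", "token_name": "od-token-Sat_Sep_12_2020", "enabled": true,
  "createdAt": "2020-09-12T21:07:50.141Z", "expiresAt": "1600549670138"},
 {"id": 2, "username": "open", "token_name": "od-token-Mon_Sep_21_2020", "enabled": true,
  "createdAt": "2020-09-21T18:40:35.117Z", "expiresAt": "1601318435112"},
 {"id": 6, "username": "bob_bobson", "token_name": "test12345", "enabled": true,
  "createdAt": "2020-09-28T18:17:44.502Z", "expiresAt": "1632874664500"}
]""")

MAX_LIFETIME_DAYS = 30  # assumed policy threshold, not an Atlas setting


def parse_times(tok):
    """createdAt is ISO 8601; expiresAt is epoch milliseconds carried as a string."""
    created = datetime.strptime(tok["createdAt"], "%Y-%m-%dT%H:%M:%S.%f%z")
    expires = datetime.fromtimestamp(int(tok["expiresAt"]) / 1000, tz=timezone.utc)
    return created, expires


def still_usable(tokens, now):
    """Tokens that would still be accepted: enabled and not past expiresAt."""
    return [t for t in tokens if t["enabled"] and parse_times(t)[1] > now]


def over_policy(tokens, now, max_days=MAX_LIFETIME_DAYS):
    """Usable tokens whose issued lifetime exceeds the policy threshold."""
    out = []
    for t in still_usable(tokens, now):
        created, expires = parse_times(t)
        if (expires - created).days > max_days:
            out.append(t)
    return out


def disable_request(tok):
    """Update call from this page; tokenName is required, so resend the current name."""
    return {
        "method": "POST",
        "path": f"/api/v2/authorization/token/update/{tok['id']}",
        "body": {"tokenName": tok["token_name"], "enabled": False},
    }
```

The request dictionaries are built but not sent; send them with your own HTTP client, putting a management token in the `token` header.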