Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
712:api-tokens [2025/09/15 14:55] – external edit 127.0.0.1712:api-tokens [2025/09/15 15:37] (current) – [API token administration] Weinlein, Thomas
Line 21: Line 21:
 ===== How to create an API token for SCIM ===== ===== How to create an API token for SCIM =====
  
-Users need to have READ and CREATE permissions on the API tokens permission domain to be allowed to create API tokens . In order to revoke API tokens, READ and DELETE permissions are required. Authorized Stages users can find and manage the API tokens under Administration > SCIM API.+Users need to have READ and CREATE permissions on the API tokens permission domain to be allowed to create API tokens . In order to revoke API tokens, READ and DELETE permissions are required. Authorized Stages users can find and manage the API tokens under Administration > API Tokens.
  
 Each token is identified by a label that is defined upon generation. The resulting token values will not be stored at the server but the server is able to identify a valid token by its value. Tokens become invalid after explicitly being revoked by the Stages administrator or after their expiry date has been reached. Each token is identified by a label that is defined upon generation. The resulting token values will not be stored at the server but the server is able to identify a valid token by its value. Tokens become invalid after explicitly being revoked by the Stages administrator or after their expiry date has been reached.
  
-{{:712:issue_apitoken.png}}+{{ :712:issue-token.jpg }}
  
 Directly after creating the API Token, the token value can be copied from the Stages popup dialog and saved in a secure location. Once the dialog has been closed, it can not be retrieved anymore. Directly after creating the API Token, the token value can be copied from the Stages popup dialog and saved in a secure location. Once the dialog has been closed, it can not be retrieved anymore.
  
 Requests to the Stages SCIM endpoint must contain the value of a valid API token in the Authorization header in the following format: Bearer <token_value> Typically, the identity providers do this under the hood. All actions will be logged at the server in the scim.log and audit-json.log files with the respective API token label as a logging context identifier. Requests to the Stages SCIM endpoint must contain the value of a valid API token in the Authorization header in the following format: Bearer <token_value> Typically, the identity providers do this under the hood. All actions will be logged at the server in the scim.log and audit-json.log files with the respective API token label as a logging context identifier.
 +
  
 ===== How to create an API-token for the REST API ===== ===== How to create an API-token for the REST API =====
Line 47: Line 48:
  
 All API tokens no matter if of type SCIM or CollectorData, can be managed by an administrator with ''APIToken Read'' and ''Delete'' permissions. All API tokens no matter if of type SCIM or CollectorData, can be managed by an administrator with ''APIToken Read'' and ''Delete'' permissions.
 +
 +{{ 712:token-overview.jpg }}
  
 So the administrator has always an overview which API tokens exist for the Stages server and is also able to disable or revoke them. So the administrator has always an overview which API tokens exist for the Stages server and is also able to disable or revoke them.