tokens.md 2.2 KB

API Tokens

Environment Variables

  • CONCH_TOKEN

    : specify the API token

  • CONCH_ENV

    : production, staging, or development (defaults to production)

  • CONCH_URL

    : if CONCH_ENV=development, specifies the API's URL

User Commands

  • profile create --name :name --token :token

    : create a profile using a token. user names and other parameters are ignored

  • profile set token :token

    : converts a profile to token auth, using the provided token

  • profile upgrade

    : converts a profile to token auth by auto-generating a token which is never shared to the user

  • profile revoke-tokens --tokens-only

    : when revoking one's access abilities, one can revoke only API tokens instead of both API tokens and logins

  • profile change-password --purge-tokens

    : when changing one's paswords, one can also purge all API tokens at the same time

  • user tokens

    : list all API tokens

  • user token create :name

    : create a token with the given name, displaying the token value

  • user token get :name

    : get basic data (including last used time) about a token. Does not show the token value

  • user token rm :name

    : remove a token by name

Admin Commands

  • admin user :id tokens

    : List a user's API tokens

  • admin user :id token get :name

    : Get a user's API token by name. Does not show the token value

  • admin user :id token rm :name

    : Remove a user's token by name

  • admin user :id revoke --tokens-only

    : when revoking a user's access, an admin can revoke just their API tokens

  • admin user :id reset --revoke-tokens

    : when reseting a user's passwords, an admin can also revoke their API tokens

Notes

  • The API token is obfuscated in the config file. It is not possible to copy that value out of the config and use it in another tool.

Build / Compilation Flags

  • DISABLE_API_TOKEN_CRUD

    : removes all commands for creating or modifying API tokens

  • TOKEN_OBFUSCATION_KEY

    : used in the obfuscation of tokens in the config file. While a default is provided, it is strongly recommended that this be customized in the build environment. NOTE: If this value is ever changed, it will render the tokens in user configs completely unusable.