API authorizations
User personal API Token
When you use the api-authorizations plugin, any logged-in user can get a personal API token by clicking on their login information:
Once you click on the button, you get your personal API token, which can be revoked at any time:
The user can use that token to execute API requests for the same actions that their role allows them to do:
In the Rudder event logs, these actions are recorded as done by the user who owns the API token:
API ACLs
The plugin also lets you configure fine-grained access control for a token. By selecting the "Custom ACL" access level, you can choose which endpoints are accessible for that API token.
For example, you can create an API token which can only access compliance information:
That token can of course access compliance-related endpoints:
But if it tries to access another endpoint, it gets an authorization error:
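One way to check that a Custom ACL token is scoped as intended, as an added example (not part of the Rudder documentation or the plugin's code): it requests endpoints the token should and should not reach and reports any mismatch. The base URL, the endpoint paths, the 401/403 denial codes and the `fake_rudder` offline stand-in are assumptions made for illustration.

```python
"""Added example: verify a Custom ACL token is limited to what it was granted."""
import urllib.error
import urllib.request

# Assumptions (not from the page): base URL, endpoint paths, and that a denied
# request is answered with HTTP 401 or 403.
BASE_URL = "https://rudder.example.com/rudder/api/latest"
DENIED_STATUSES = {401, 403}


def http_status(token, path, base_url=BASE_URL):
    """Send a GET with the token in the X-API-Token header; return the status."""
    req = urllib.request.Request(base_url + path, headers={"X-API-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit_token(token, should_allow, should_deny, get_status=http_status):
    """Return a list of findings; an empty list means the ACL behaves as intended."""
    findings = []
    for path in should_allow:
        status = get_status(token, path)
        if not 200 <= status < 300:
            findings.append(f"{path}: expected access, got {status}")
    for path in should_deny:
        status = get_status(token, path)
        if status not in DENIED_STATUSES:
            findings.append(f"{path}: expected denial, got {status} (ACL too broad)")
    return findings


def fake_rudder(granted_prefixes):
    """Constructed offline stand-in: 200 inside the granted prefixes, 403 outside."""
    def get_status(token, path):
        return 200 if any(path.startswith(p) for p in granted_prefixes) else 403
    return get_status


if __name__ == "__main__":
    allow, deny = ["/compliance"], ["/rules", "/nodes"]
    # Compliance-only token: no findings expected.
    print(audit_token("constructed-token", allow, deny, fake_rudder(["/compliance"])))
    # Over-broad token: both non-compliance endpoints are reported.
    print(audit_token("constructed-token", allow, deny, fake_rudder(["/"])))
```

Against a real server, call `audit_token` without the `get_status` argument so that requests go through `http_status`.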