As the sole owner of your API tokens, it is your responsibility to securely store, backup and manage them.
API tokens as a form of authentication similar to a username and password. You need an API token to run scripts key to your organization’s development. Tokens are scoped within your organization for additional security.
Important: Tokens may expire based on the settings in the
VMware Cloud Services Console™ . If the token expires, you must regenerate them if you want to continue using APIs that rely on a token.
To view and manage your API tokens:
- Click your user name in the upper-right corner of the toolbar, and then click My Account.
- Select the API Tokens tab.
- Do any of the following:
- To regenerate a token, click Regenerate. This replaces the existing token with a new one. In order to continue calling the APIs, you must update your token in the API calls.
- To disable a token, click Revoke. This revokes both the API token and the associated access token.
- To prevent unauthorized access to your organization's resources, we recommend that you keep the API tokens you generate in a secure and protected location. VMware Cloud services does not check for proof of possession, but captures token usage audit events when:
- a user generates an API token
- a user revokes one or all personal tokens
- a user makes an unsuccessful attempt to generate access token by API token refresh
Note: To view the audit event logs in VMware Cloud services, you must have an organization owner role. See Carbon Black Cloud Audit Logs or VMware Cloud services Audit Logs.
The following table summarizes the most common API token self-service management tasks:
If you want to... | Do this... |
Extend the validity of an API token that has expired. | You must regenerate your token. |
Regenerate a valid API token. | You can regenerate a token at any time. If you | regenerate a token, you revoke all instances of the previous token. If you have used the token, for example in one of your scripts, remember to replace it with the newly generated token.
Replace a compromised API token . | If you feel the token has been compromised, you can revoke the token to prevent unauthorized access. You generate a new token to renew authorization. |
Destroy an API token that is still valid. | You destroy a valid API token by revoking it. |
Recover a lost API token. | Lost tokens cannot be recovered. You must revoke the lost token and generate a new one. |