List of users with API tokens, creation date, last access date

david guimbellot's Avatar

david guimbellot

12 Jan, 2021 08:51 PM

we want to manage access to api tokens more carefully.
how can we list which users have API tokens, last rotation time, and access with those tokens?

  1. Support Staff 1 Posted by Feodor Fitsner on 15 Jan, 2021 05:10 AM

    Feodor Fitsner's Avatar

    Hi David,

    There is currently no API to list users' API token details, however, I think we could add that. We can add the last generated dates for both account-specific and global tokens to the list of account users and a new endpoint to invalidate token for specified user. Is there anything else you need?

  2. 2 Posted by david guimbello... on 22 Jan, 2021 04:05 PM

    david guimbellot's Avatar

    that would be great!
    this will help our auditing process review

  3. 3 Posted by david guimbello... on 30 Jun, 2021 01:39 PM

    david guimbellot's Avatar

    any update?

  4. Support Staff 4 Posted by Feodor Fitsner on 30 Jun, 2021 08:13 PM

    Feodor Fitsner's Avatar

    Sure, will deploy it by the end of this week. Thanks for checking on.

  5. Support Staff 5 Posted by Feodor Fitsner on 02 Jul, 2021 07:27 PM

    Feodor Fitsner's Avatar

    Hi David,

    An update with new API for token expirations has been deployed.

    So, the items returned by https://ci.appveyor.com/api/account/{account}/users endpoint now include two additional (nullable) fields: accountApiTokenGenerated and userApiTokenGenerated which contain timestamps for account-specific (v1) and "global" user-specific (v2) API tokens respectively.

    Endpoints for invalidating expired tokens of users belonging to your account:

    DELETE /api/account/{account}/users/{id}/account-api-token
    DELETE /api/users/{id}/account-api-token
    
    DELETE /api/account/{account}/users/{id}/user-api-token
    DELETE /api/users/{id}/user-api-token
    

    Endpoints for invalidating expired tokens of collaborators joined to your account:

    DELETE /api/account/{account}/collaborators/{id}/account-api-token
    DELETE /api/collaborators/{id}/account-api-token
    

    Let me know if you have any questions.

  6. Feodor Fitsner closed this discussion on 01 Sep, 2021 09:03 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

18 Oct, 2021 12:38 PM
16 Oct, 2021 04:34 PM
15 Oct, 2021 08:29 PM
15 Oct, 2021 06:34 PM
13 Oct, 2021 03:47 PM

 

13 Oct, 2021 06:27 AM
13 Oct, 2021 05:54 AM
12 Oct, 2021 06:48 PM
12 Oct, 2021 06:47 PM
12 Oct, 2021 12:36 PM
11 Oct, 2021 10:05 AM