List of users with API tokens, creation date, last access date
we want to manage access to api tokens more carefully.
how can we list which users have API tokens, last rotation time, and access with those tokens?
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Feodor Fitsner on 15 Jan, 2021 05:10 AM
Hi David,
There is currently no API to list users' API token details, however, I think we could add that. We can add the last generated dates for both account-specific and global tokens to the list of account users and a new endpoint to invalidate token for specified user. Is there anything else you need?
2 Posted by david guimbello... on 22 Jan, 2021 04:05 PM
that would be great!
this will help our auditing process review
3 Posted by david guimbello... on 30 Jun, 2021 01:39 PM
any update?
Support Staff 4 Posted by Feodor Fitsner on 30 Jun, 2021 08:13 PM
Sure, will deploy it by the end of this week. Thanks for checking on.
Support Staff 5 Posted by Feodor Fitsner on 02 Jul, 2021 07:27 PM
Hi David,
An update with new API for token expirations has been deployed.
So, the items returned by
https://ci.appveyor.com/api/account/{account}/usersendpoint now include two additional (nullable) fields:accountApiTokenGeneratedanduserApiTokenGeneratedwhich contain timestamps for account-specific (v1) and "global" user-specific (v2) API tokens respectively.Endpoints for invalidating expired tokens of users belonging to your account:
Endpoints for invalidating expired tokens of collaborators joined to your account:
Let me know if you have any questions.
Feodor Fitsner closed this discussion on 01 Sep, 2021 09:03 PM.