List of users with API tokens, creation date, last access date

david guimbellot's Avatar

david guimbellot

12 Jan, 2021 08:51 PM

we want to manage access to api tokens more carefully.
how can we list which users have API tokens, last rotation time, and access with those tokens?

  1. Support Staff 1 Posted by Feodor Fitsner on 15 Jan, 2021 05:10 AM

    Feodor Fitsner's Avatar

    Hi David,

    There is currently no API to list users' API token details, however, I think we could add that. We can add the last generated dates for both account-specific and global tokens to the list of account users and a new endpoint to invalidate token for specified user. Is there anything else you need?

  2. 2 Posted by david guimbello... on 22 Jan, 2021 04:05 PM

    david guimbellot's Avatar

    that would be great!
    this will help our auditing process review

  3. 3 Posted by david guimbello... on 30 Jun, 2021 01:39 PM

    david guimbellot's Avatar

    any update?

  4. Support Staff 4 Posted by Feodor Fitsner on 30 Jun, 2021 08:13 PM

    Feodor Fitsner's Avatar

    Sure, will deploy it by the end of this week. Thanks for checking on.

  5. Support Staff 5 Posted by Feodor Fitsner on 02 Jul, 2021 07:27 PM

    Feodor Fitsner's Avatar

    Hi David,

    An update with new API for token expirations has been deployed.

    So, the items returned by https://ci.appveyor.com/api/account/{account}/users endpoint now include two additional (nullable) fields: accountApiTokenGenerated and userApiTokenGenerated which contain timestamps for account-specific (v1) and "global" user-specific (v2) API tokens respectively.

    Endpoints for invalidating expired tokens of users belonging to your account:

    DELETE /api/account/{account}/users/{id}/account-api-token
    DELETE /api/users/{id}/account-api-token
    
    DELETE /api/account/{account}/users/{id}/user-api-token
    DELETE /api/users/{id}/user-api-token
    

    Endpoints for invalidating expired tokens of collaborators joined to your account:

    DELETE /api/account/{account}/collaborators/{id}/account-api-token
    DELETE /api/collaborators/{id}/account-api-token
    

    Let me know if you have any questions.

  6. Feodor Fitsner closed this discussion on 01 Sep, 2021 09:03 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

 

01 Oct, 2024 04:27 PM
26 Sep, 2024 03:49 PM
26 Sep, 2024 09:02 AM
25 Sep, 2024 07:07 PM
24 Sep, 2024 08:39 PM
24 Sep, 2024 06:47 AM