Skip to main content
POST
/
v1
/
api-tokens
Create API Token
curl --request POST \
  --url https://localtest.mindbridge.ai/api/v1/api-tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "expiry": "2023-11-07T05:31:56Z",
  "permissions": [
    "api.organizations.read"
  ],
  "allowedAddresses": [
    "<string>"
  ]
}
'
{
  "version": 123,
  "name": "<string>",
  "expiry": "2023-11-07T05:31:56Z",
  "permissions": [
    "api.organizations.read"
  ],
  "id": {},
  "creationDate": "2023-11-07T05:31:56Z",
  "lastModifiedDate": "2023-11-07T05:31:56Z",
  "createdUserInfo": {
    "userId": {},
    "userName": "<string>"
  },
  "lastModifiedUserInfo": {
    "userId": {},
    "userName": "<string>"
  },
  "userId": {},
  "partialToken": "<string>",
  "allowedAddresses": [
    "<string>"
  ],
  "token": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
name
string
required

The token record’s name. This will also be used as the API Token User’s name.

Minimum string length: 1
Pattern: \s*\S+.*
expiry
string<date-time>
required

The day on which the API token expires.

permissions
enum<string>[]
required

The set of permissions that inform which endpoints this token is authorized to access.

Available options:
api.organizations.read,
api.organizations.write,
api.organizations.delete,
api.engagements.read,
api.engagements.write,
api.engagements.delete,
api.analyses.read,
api.analyses.write,
api.analyses.delete,
api.analyses.run,
api.analysis-sources.read,
api.analysis-sources.write,
api.analysis-sources.delete,
api.file-manager.read,
api.file-manager.write,
api.file-manager.delete,
api.libraries.read,
api.libraries.write,
api.libraries.delete,
api.account-groupings.read,
api.account-groupings.write,
api.account-groupings.delete,
api.engagement-account-groupings.read,
api.engagement-account-groupings.write,
api.engagement-account-groupings.delete,
api.users.read,
api.users.write,
api.users.delete,
api.data-tables.read,
api.api-tokens.read,
api.api-tokens.write,
api.api-tokens.delete,
api.tasks.read,
api.tasks.write,
api.tasks.delete,
api.admin-reports.run,
api.analysis-types.read,
api.analysis-source-types.read,
api.analysis-type-configuration.read,
api.analysis-type-configuration.write,
api.analysis-type-configuration.delete,
api.risk-ranges.read,
api.risk-ranges.write,
api.risk-ranges.delete,
api.filters.read,
api.filters.write,
api.filters.delete,
api.file-infos.read,
api.webhooks.read,
api.webhooks.write,
api.webhooks.delete,
scim.user.read,
scim.user.write,
scim.user.delete,
scim.user.schema
allowedAddresses
string[]

Indicates the set of addresses that are allowed to use this token. If empty, any address may use it.

Response

Created

version
integer<int64>
required

Indicates the data integrity version to ensure data consistency.

name
string
required

The token record’s name. This will also be used as the API Token User’s name.

Minimum string length: 1
Pattern: \s*\S+.*
expiry
string<date-time>
required

The day on which the API token expires.

permissions
enum<string>[]
required

The set of permissions that inform which endpoints this token is authorized to access.

Available options:
api.organizations.read,
api.organizations.write,
api.organizations.delete,
api.engagements.read,
api.engagements.write,
api.engagements.delete,
api.analyses.read,
api.analyses.write,
api.analyses.delete,
api.analyses.run,
api.analysis-sources.read,
api.analysis-sources.write,
api.analysis-sources.delete,
api.file-manager.read,
api.file-manager.write,
api.file-manager.delete,
api.libraries.read,
api.libraries.write,
api.libraries.delete,
api.account-groupings.read,
api.account-groupings.write,
api.account-groupings.delete,
api.engagement-account-groupings.read,
api.engagement-account-groupings.write,
api.engagement-account-groupings.delete,
api.users.read,
api.users.write,
api.users.delete,
api.data-tables.read,
api.api-tokens.read,
api.api-tokens.write,
api.api-tokens.delete,
api.tasks.read,
api.tasks.write,
api.tasks.delete,
api.admin-reports.run,
api.analysis-types.read,
api.analysis-source-types.read,
api.analysis-type-configuration.read,
api.analysis-type-configuration.write,
api.analysis-type-configuration.delete,
api.risk-ranges.read,
api.risk-ranges.write,
api.risk-ranges.delete,
api.filters.read,
api.filters.write,
api.filters.delete,
api.file-infos.read,
api.webhooks.read,
api.webhooks.write,
api.webhooks.delete,
scim.user.read,
scim.user.write,
scim.user.delete,
scim.user.schema
id
object

The unique object identifier.

creationDate
string<date-time>

The date that the object was originally created.

lastModifiedDate
string<date-time>

The date that the object was last updated or modified.

createdUserInfo
User Info · object

Details about the user who created the object.

lastModifiedUserInfo
User Info · object

Details about the user who last modified or updated the object.

userId
object

Identifies the API Token User associated with this token.

partialToken
string

A partial representation of the API token.

allowedAddresses
string[]

Indicates the set of addresses that are allowed to use this token. If empty, any address may use it.

token
string

The API token.

Note: The security of the API token is paramount. If compromised, contact your App Admin immediately.