POST /v1/api-tokens
Create API Token
curl --request POST \
  --url https://{tenant}.mindbridge.ai/api/v1/api-tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "expiry": "2023-11-07T05:31:56Z",
  "permissions": [
    "api.organizations.read"
  ],
  "allowedAddresses": [
    "<string>"
  ]
}
'

{
  "version": 123,
  "name": "<string>",
  "expiry": "2023-11-07T05:31:56Z",
  "permissions": [
    "api.organizations.read"
  ],
  "id": "<string>",
  "creationDate": "2023-11-07T05:31:56Z",
  "lastModifiedDate": "2023-11-07T05:31:56Z",
  "createdUserInfo": {
    "userId": "<string>",
    "userName": "<string>"
  },
  "lastModifiedUserInfo": {
    "userId": "<string>",
    "userName": "<string>"
  },
  "userId": "<string>",
  "partialToken": "<string>",
  "allowedAddresses": [
    "<string>"
  ],
  "token": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

name
string
required

The token record's name. This will also be used as the API Token User's name.

expiry
string<date-time>
required

The day on which the API token expires.

permissions
enum<string>[]
required

The set of permissions that inform which endpoints this token is authorized to access.

Available options:
api.organizations.read,
api.organizations.write,
api.organizations.delete,
api.engagements.read,
api.engagements.write,
api.engagements.delete,
api.analyses.read,
api.analyses.write,
api.analyses.delete,
api.analyses.run,
api.analysis-sources.read,
api.analysis-sources.write,
api.analysis-sources.delete,
api.file-manager.read,
api.file-manager.write,
api.file-manager.delete,
api.reporting-period-config.read,
api.reporting-period-config.write,
api.reporting-period-config.delete,
api.libraries.read,
api.libraries.write,
api.libraries.delete,
api.account-groupings.read,
api.account-groupings.write,
api.account-groupings.delete,
api.engagement-account-groupings.read,
api.engagement-account-groupings.write,
api.engagement-account-groupings.delete,
api.users.read,
api.users.write,
api.users.delete,
api.data-tables.read,
api.api-tokens.read,
api.api-tokens.write,
api.api-tokens.delete,
api.tasks.read,
api.tasks.write,
api.tasks.delete,
api.admin-reports.run,
api.analysis-types.read,
api.analysis-source-types.read,
api.analysis-type-configuration.read,
api.analysis-type-configuration.write,
api.analysis-type-configuration.delete,
api.risk-ranges.read,
api.risk-ranges.write,
api.risk-ranges.delete,
api.filters.read,
api.filters.write,
api.filters.delete,
api.file-infos.read,
api.webhooks.read,
api.webhooks.write,
api.webhooks.delete,
api.connections.read,
api.connections.write,
api.connections.delete,
api.connection-data-sources.read,
api.connection-data-sources.write,
api.connection-data-sources.delete,
scim.user.read,
scim.user.write,
scim.user.delete,
scim.user.schema

allowedAddresses
string[]

Indicates the set of addresses that are allowed to use this token. If empty, any address may use it.

Response

201 - application/json

Created

version
integer<int64>
required

Indicates the data integrity version to ensure data consistency.

name
string
required

The token record's name. This will also be used as the API Token User's name.

expiry
string<date-time>
required

The day on which the API token expires.

permissions
enum<string>[]
required

The set of permissions that inform which endpoints this token is authorized to access.

Available options:
api.organizations.read,
api.organizations.write,
api.organizations.delete,
api.engagements.read,
api.engagements.write,
api.engagements.delete,
api.analyses.read,
api.analyses.write,
api.analyses.delete,
api.analyses.run,
api.analysis-sources.read,
api.analysis-sources.write,
api.analysis-sources.delete,
api.file-manager.read,
api.file-manager.write,
api.file-manager.delete,
api.reporting-period-config.read,
api.reporting-period-config.write,
api.reporting-period-config.delete,
api.libraries.read,
api.libraries.write,
api.libraries.delete,
api.account-groupings.read,
api.account-groupings.write,
api.account-groupings.delete,
api.engagement-account-groupings.read,
api.engagement-account-groupings.write,
api.engagement-account-groupings.delete,
api.users.read,
api.users.write,
api.users.delete,
api.data-tables.read,
api.api-tokens.read,
api.api-tokens.write,
api.api-tokens.delete,
api.tasks.read,
api.tasks.write,
api.tasks.delete,
api.admin-reports.run,
api.analysis-types.read,
api.analysis-source-types.read,
api.analysis-type-configuration.read,
api.analysis-type-configuration.write,
api.analysis-type-configuration.delete,
api.risk-ranges.read,
api.risk-ranges.write,
api.risk-ranges.delete,
api.filters.read,
api.filters.write,
api.filters.delete,
api.file-infos.read,
api.webhooks.read,
api.webhooks.write,
api.webhooks.delete,
api.connections.read,
api.connections.write,
api.connections.delete,
api.connection-data-sources.read,
api.connection-data-sources.write,
api.connection-data-sources.delete,
scim.user.read,
scim.user.write,
scim.user.delete,
scim.user.schema

id
string

The unique object identifier.

creationDate
string<date-time>

The date that the object was originally created.

lastModifiedDate
string<date-time>

The date that the object was last updated or modified.

createdUserInfo
User Info · object
read-only

Details about the user who created the object.

lastModifiedUserInfo
User Info · object
read-only

Details about the user who last modified or updated the object.

userId
string

Identifies the API Token User associated with this token.

partialToken
string

A partial representation of the API token.

allowedAddresses
string[]

Indicates the set of addresses that are allowed to use this token. If empty, any address may use it.

token
string

The API token.

Note: The security of the API token is paramount. If compromised, contact your App Admin immediately.
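
A request builder for the body fields documented above, added here as an example and not MindBridge's own code: it refuses an empty allowedAddresses (which the page says lets any address use the token), bounds the expiry, and keeps the returned token out of log records. The 90-day cap, the ESCALATING set, the function names and the sample values in the comments are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Permission names taken from the list on this page. Treating them as
# "escalating" (they can change identities or mint further tokens) is this
# example's policy, not a MindBridge rule.
ESCALATING = {"api.api-tokens.write", "api.users.write", "scim.user.write"}
MAX_LIFETIME = timedelta(days=90)  # assumed local policy, not an API limit


def build_token_request(name, permissions, allowed_addresses, lifetime,
                        now=None, allow_escalating=False):
    """Return the JSON body for the Create API Token call, or raise ValueError."""
    now = now or datetime.now(timezone.utc)
    perms = sorted(set(permissions))
    if not perms:
        raise ValueError("at least one permission is required")
    risky = ESCALATING.intersection(perms)
    if risky and not allow_escalating:
        raise ValueError(f"escalating permissions need sign-off: {sorted(risky)}")
    if not timedelta(0) < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be positive and within MAX_LIFETIME")
    addresses = [a.strip() for a in allowed_addresses if a.strip()]
    if not addresses:
        # Per the page, an empty list means any address may use the token.
        raise ValueError("allowedAddresses must not be empty")
    return {
        "name": name,
        # Same timestamp shape as the page's sample: 2023-11-07T05:31:56Z
        "expiry": (now + lifetime).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "permissions": perms,
        "allowedAddresses": addresses,
    }


def split_response(response):
    """Separate the secret 'token' from the fields that can go into a log."""
    secret = response["token"]
    # id and partialToken stay in the record so the token can be identified
    # later without the full value ever being written out.
    loggable = {k: v for k, v in response.items() if k != "token"}
    return secret, loggable
```

Pass the first value from split_response straight to a secret store and log only the second.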