Creating a Token
Use the /token endpoint to create a token.
For tokenType, specify either NORMAL or IMPERSONATED. For more information on these values, see Token Types and Their Uses. For information about the remaining attributes in the request body, see Token Attributes.
Important:To create and manage IMPERSONATED tokens, users require the Create Impersonated Token permission and a Manage Users permission (see Permissions for access-token-controller).
|
Item |
Description |
|
URI |
/uar/v1/token |
|
Method |
POST |
|
Query parameters |
N/A |
|
Request body |
{ "expiryStr": "string", "tokenDescription": "string", "tokenName": "string", "tokenType": "NORMAL | IMPERSONATED", "username": "string" } |
|
Response codes |
201: The token was successfully created. |
Sample Request
The following request creates an IMPERSONATED token that is valid for 10 minutes and associated with the user name fnouser@mycompany.com.
{
"expiryStr": "10m",
"tokenDescription": "Impersonating fnouser",
"tokenName": "demo",
"tokenType": "IMPERSONATED",
"username": "fnouser@mycompany.com"
}
Sample Response
The following shows a sample response for the successful creation of an IMPERSONATED token.
{
"statusMessage": "Successful",
"responseObject": {
"expiryStr": "10m",
"tokenExpiryMillis": 1716900570355,
"tokenIssueMillis": 1716899970355,
"tokenName": "demo",
"tokenCreator": "systemadmin@mycompany.com",
"tokenType": "IMPERSONATED",
"tokenValue": "rna_5dcd6233abs227140394653da3a328ad5556b058d87",
"username": "fnouser@mycompany.com"
},
}
The token creator—systemadmin@mycompany.com—is the logged-in user who requested the token. They are impersonating the user with the ID fnouser@mycompany.com, to access the API on their behalf.
Make a note of the token value—in this example, rna_5dcd6233abs227140394653da3a328ad5556b058d87. This is the only time the token value is displayed. This value must be included as a Bearer token in the Authorization HTTP header for authorization requests.