Introduction to the Access Token Controller REST API (2024.09)

FlexNet Operations Access Tokens API

Servers
Mock server
https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens
Replace {siteID} with your FlexNet Operations instance.
https://{siteID}.flexnetoperations.com/flexnet

Access Token Controller

A REST Controller for creating access tokens to be used as bearer authentication tokens for calling FlexNet Operations APIs (SOAP and REST). This REST web service also supports reading, updating, searching, rotating, and deleting tokens.

FlexNet Operations uses different token types to manage different access levels and operations:

  • NORMAL tokens can be requested by any FlexNet Operations user to authenticate themselves at a FlexNet Operations API.
  • IMPERSONATED tokens can be requested by a privileged user for use by other FlexNet Operations users.

To create and manage IMPERSONATED tokens, users require the Create Impersonated Token permission and a Manage Users permission.

Operations

Create an access token

Request

Use this API to create an access token.

The response includes the token value. This is the only time the token value is displayed. The value must be included as a Bearer token in the Authorization HTTP header for authorization requests.

Typically, an access token has the following attributes:

  • Token name—Must be unique and 5 - 25 characters long.
  • Expiry string—The token lifetime. Format: *y *M *d *h *m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and * representing any number.
  • Token type—Valid values: NORMAL | IMPERSONATED.
  • Token description—Mandatory for IMPERSONATED tokens.
  • Username—User name of the user on whose behalf the token is created. Mandatory for IMPERSONATED tokens.

When a username is provided for the creation of a NORMAL token, that username is ignored when calling an API. Instead, the user calling the API is authenticated.

Body: application/json (required)

reqBody

expiryStr (string, required)

Lifetime of the token as specified when the token was created.
Format: *y *M *d *h *m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and * representing any number.

tokenDescription (string)

Mandatory for IMPERSONATED tokens; optional for NORMAL tokens. For IMPERSONATED tokens, use this field to capture the impersonation reason.

tokenName (string, required)

Name of the token, must be 5 - 25 characters long.
The following characters are not supported:
* < > + $ ? . ^ | % ] \\\\ (four consecutive back slashes are not allowed)
HTML tags that may indicate an XSS attack will be rejected.

tokenType (string, required)

Specify the token type.
NORMAL tokens can be requested by any FlexNet Operations user.
IMPERSONATED tokens can be requested by a privileged user on behalf of another FlexNet Operations user.

Enum: "NORMAL", "IMPERSONATED"

username (string, required)

The user for whom the token is created. Usually this is specified as an email address. This field is mandatory for IMPERSONATED tokens.

curl -i -X POST \
  https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/token \
  -H 'Content-Type: application/json' \
  -d '{
    "expiryStr": "string",
    "tokenDescription": "string",
    "tokenName": "string",
    "tokenType": "NORMAL",
    "username": "string"
  }'

Responses

OK

Body: application/json

responseObject (object, AccessTokenResponseWithTokenValue)

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": { "expiryStr": "string", "tokenDescription": "string", "tokenExpiryMillis": 0, "tokenIssueMillis": 0, "tokenName": "string", "tokenCreator": "string", "tokenType": "NORMAL", "tokenValue": "string", "username": "string" }, "statusMessage": "string" }
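
The request-body rules above can be checked on the client before the call is made. This is an added example, not part of the FlexNet Operations documentation: validate_create_request is a hypothetical helper, the forbidden-character set is one reading of the list above, and it assumes expiry units may be omitted as long as they stay in y, M, d, h, m order.

```python
import re

# Constructed reading of the documented rules; the server remains the authority.
FORBIDDEN_CHARS = set("*<>+$?.^|%]")
FOUR_BACKSLASHES = "\\" * 4
# Assumption: units may be omitted but must appear in y, M, d, h, m order.
# Units are case sensitive: M = months, m = minutes.
EXPIRY_RE = re.compile(
    r"(?:(\d+)y)?\s*(?:(\d+)M)?\s*(?:(\d+)d)?\s*(?:(\d+)h)?\s*(?:(\d+)m)?"
)


def validate_create_request(body):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    name = body.get("tokenName") or ""
    if not 5 <= len(name) <= 25:
        problems.append("tokenName must be 5 - 25 characters long")
    if FORBIDDEN_CHARS & set(name) or FOUR_BACKSLASHES in name:
        problems.append("tokenName contains unsupported characters")
    expiry = (body.get("expiryStr") or "").strip()
    if not expiry or not EXPIRY_RE.fullmatch(expiry):
        problems.append("expiryStr must follow the *y *M *d *h *m format")
    token_type = body.get("tokenType")
    if token_type not in ("NORMAL", "IMPERSONATED"):
        problems.append("tokenType must be NORMAL or IMPERSONATED")
    if token_type == "IMPERSONATED":
        # Both fields are documented as mandatory for IMPERSONATED tokens.
        if not (body.get("tokenDescription") or "").strip():
            problems.append("IMPERSONATED tokens need a tokenDescription")
        if not (body.get("username") or "").strip():
            problems.append("IMPERSONATED tokens need a username")
    return problems


# Constructed sample request body; the address is a placeholder.
SAMPLE_BODY = {
    "tokenName": "ci-build-token",
    "expiryStr": "90d",
    "tokenType": "NORMAL",
    "username": "ci@example.com",
}
```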

Verify an access token

Request

Use this API to verify whether a token is valid. Pass the token value in the request body. The response shows whether the token is valid, along with information about the token.

Only the token creator can verify IMPERSONATED tokens. If you do not have the Create Impersonated Token and relevant Manage Users permissions, the API returns obfuscated values.

Body: application/json (required)

accessToken

accessToken (string, required)

The value of the access token that should be verified.

curl -i -X POST \
  https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/token/verification \
  -H 'Content-Type: application/json' \
  -d '{
    "accessToken": "string"
  }'

Responses

OK

Body: application/json

responseObject (object, AccessTokenResponse)

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": { "expiryStr": "string", "tokenDescription": "string", "tokenExpiryMillis": 0, "tokenIssueMillis": 0, "tokenName": "string", "tokenCreator": "string", "tokenType": "NORMAL", "username": "string" }, "statusMessage": "string" }

Get details of access token

Request

Use this API to fetch the details of an access token identified by its name.

Path
tokenName (string, required)

The name of the token for which you want to retrieve details (case sensitive).

curl -i -X GET \
  'https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/token/{tokenName}'

Responses

OK

Body: application/json

responseObject (object, AccessTokenResponse)

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": { "expiryStr": "string", "tokenDescription": "string", "tokenExpiryMillis": 0, "tokenIssueMillis": 0, "tokenName": "string", "tokenCreator": "string", "tokenType": "NORMAL", "username": "string" }, "statusMessage": "string" }

Update an access token

Request

Use this API to update some of the attributes of a specified access token. Specify the name of the token that you want to update in the path (case sensitive).

In the request body, specify the new values. You can update the following token attributes:

  • tokenName—Must be 5 - 25 characters long.
  • tokenDescription—For IMPERSONATED tokens this field should state the impersonation reason.
  • expiryStr—Must not be in the past. Format: *y *M *d *h *m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and * representing any number.

Only the token creator or another privileged user can update an IMPERSONATED token. You cannot edit an expired token or set the token expiry to a time in the past.

Path
tokenName (string, required)

Name of the token to be updated (case sensitive).

Body: application/json (required)

reqBody

expiryStr (string, required)

Lifetime of the token as specified when the token was created.
Format: *y *M *d *h *m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and * representing any number.

tokenDescription (string)

Mandatory for IMPERSONATED tokens; optional for NORMAL tokens. For IMPERSONATED tokens, this field should capture the impersonation reason.

tokenName (string, required)

The name of the token.

curl -i -X PUT \
  'https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/token/{tokenName}' \
  -H 'Content-Type: application/json' \
  -d '{
    "expiryStr": "string",
    "tokenDescription": "string",
    "tokenName": "string"
  }'

Responses

OK

Body: application/json

body (object)

statusCode (string)

Enum: "100", "101", "102", "103", "200", "201", "202", "203", "204", "205"

statusCodeValue (integer, int32)

Response
application/json
{ "body": {}, "statusCode": "100", "statusCodeValue": 0 }

Delete an access token

Request

Use this API to delete an access token. Pass the name of the token to be deleted as a path parameter. The token name is case sensitive.

A deleted token can no longer be used to access the APIs.

Only the token creator can delete a token; this means that only users with the Create Impersonated Token and relevant Manage Users permission can delete IMPERSONATED tokens.

Path
tokenName (string, required)

The name of the token to be deleted (case sensitive).

curl -i -X DELETE \
  'https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/token/{tokenName}'

Responses

OK

Body: application/json

body (object)

statusCode (string)

Enum: "100", "101", "102", "103", "200", "201", "202", "203", "204", "205"

statusCodeValue (integer, int32)

Response
application/json
{ "body": {}, "statusCode": "100", "statusCodeValue": 0 }

Rotate an access token

Request

Token rotation means that a token's value is changed, but no other properties. Pass the name of the token to be rotated as a path parameter. The token name is case sensitive.

The response contains the new token value. Make a note of the token value; this is the only time that the new value is displayed.

It is recommended to frequently rotate access tokens, but care should be exercised to not break any integrations you may have.

Path
tokenName (string, required)

The name of the access token to be rotated (case sensitive).

curl -i -X POST \
  'https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/token/{tokenName}/rotation'

Responses

OK

Body: application/json

responseObject (object, AccessTokenResponseWithTokenValue)

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": { "expiryStr": "string", "tokenDescription": "string", "tokenExpiryMillis": 0, "tokenIssueMillis": 0, "tokenName": "string", "tokenCreator": "string", "tokenType": "NORMAL", "tokenValue": "string", "username": "string" }, "statusMessage": "string" }

List non-expired access tokens

Request

Use this API to get a list of all non-expired access tokens for a specified user.
You must specify either the username or the tokenCreator parameter as search criteria.
If you pass values for both parameters in the same request, the API returns a list of all non-expired tokens that match both parameters.
If you do not have the Create Impersonated Token and relevant Manage Users permissions, the API returns obfuscated values.

Tip: If you want a more fine-grained search, use /tokens/search.

Query
username (string)

The email address of the user for whom tokens should be listed (case sensitive). This is the user for whom the token was created.

tokenCreator (string)

The email address of the token creator for whom tokens should be listed (case sensitive). This is the user who created tokens on another user's behalf.

page (integer, int32)

Retrieves a specific page. Must be a number (starting from 0).

pageSize (integer, int32)

Specifies how many tokens per page should be returned. Must be a number.
Tip: Use the /tokens/count API to determine the total number of records for a specified user.

curl -i -X GET \
  'https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/tokens?username=string&tokenCreator=string&page=0&pageSize=0'

Responses

OK

Body: application/json

responseObject (array of objects, AccessTokenResponse)

The return value of this API request

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": [ {} ], "statusMessage": "string" }

Get count of non-expired access tokens

Request

Use this API to get a count of all non-expired access tokens for a specified user.
You must specify either the username or the tokenCreator parameter as search criteria.
Tip: Use this API to specify values for the pagination parameters of the /tokens API.

Query
username (string)

The email address of the user for whom the token count should be returned (case sensitive). This is the user for whom the tokens were created.

tokenCreator (string)

The email address of the token creator for whom the token count should be returned (case sensitive). This is the user who created tokens on another user's behalf.

curl -i -X GET \
  'https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/tokens/count?username=string&tokenCreator=string'

Responses

OK

Body: application/json

responseObject (integer, int32)

The return value of this API request

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": 0, "statusMessage": "string" }

Search for non-expired access tokens

Request

Get a list of all non-expired access tokens that match specified search criteria.

You must specify at least one of the following search criteria. If you pass multiple parameters as search criteria, the API returns non-expired tokens that match all parameters.

  • tokenName—Search by token name. Use an asterisk (*) as placeholder for partial searches.
  • tokenType—Either NORMAL or IMPERSONATED. If not specified, all token types will be returned.
  • username—The email address of the user for whom the token was created.
  • tokenCreator—The email address of the user who created the token on another user's behalf. For NORMAL tokens, username and tokenCreator must be the same. For IMPERSONATED tokens, the user firing this query must have the Create Impersonated Token permission and a Manage Users permission.
  • expiresBefore—Specify to filter for tokens that expire before a specified interval. Can be used in conjunction with the expiresLaterThan parameter to filter for a given time range. In that case, expiresBefore must be greater than expiresLaterThan.
  • expiresLaterThan—Specify to filter for tokens that expire after a specified interval. Can be used in conjunction with the expiresBefore parameter to filter for a given time range. In that case, expiresLaterThan must be less than expiresBefore.
  • issuedBefore—Specify to filter for tokens that were issued before a specified interval.

If you do not have permission to view a given token, its details are returned as masked entries.

The format for expiresBefore, expiresLaterThan and issuedBefore is *y *M *d *h *m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and * representing any number.

In addition to the search criteria above you must also specify the following parameters:

  • page—The number of the page to be returned (zero based).
  • pageSize—The number of records returned per page.

Body: application/json (required)

searchToken

tokenCreator (string)

The email address of the user who created tokens on another user's behalf (case sensitive).

expiresBefore (string)

Gets tokens that expire before a specified interval. If used in conjunction with expiresLaterThan, must be greater than expiresLaterThan. Use the format 5y 6M 4d 3h 5m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive).

expiresLaterThan (string)

Gets tokens that expire after a specified interval. If used in conjunction with expiresBefore, must be less than expiresBefore. Use the format 5y 6M 4d 3h 5m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive).

issuedBefore (string)

Gets tokens that were issued before a specified interval. Use the format 5y 6M 4d 3h 5m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive).

page (integer, int32, required)

The number of the page to be returned (zero based).

pageSize (integer, int32, required)

The number of records returned per page.

tokenName (string)

The name of the token. Use an asterisk (*) as placeholder for partial searches.

tokenType (string)

Type of the token.

Enum: "NORMAL", "IMPERSONATED"

username (string)

The email address of the user for whom the token was created (case sensitive).

curl -i -X POST \
  https://fnoapi.redocly.app/_mock/apis/rest/accesstokencontroller/openapi-access-tokens/uar/v1/tokens/search \
  -H 'Content-Type: application/json' \
  -d '{
    "tokenCreator": "string",
    "expiresBefore": "string",
    "expiresLaterThan": "string",
    "issuedBefore": "string",
    "page": 0,
    "pageSize": 0,
    "tokenName": "string",
    "tokenType": "NORMAL",
    "username": "string"
  }'

Responses

OK

Body: application/json

responseObject (object, PaginationSupportedResponse_List_AccessTokenResponse_)

statusMessage (string)

The status message related to this API request.

Response
application/json
{ "responseObject": { "pageNumber": 0, "pageSize": 0, "response": [], "totalResults": 0 }, "statusMessage": "string" }
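
A periodic review of the search results helps decide which tokens to rotate, renew or delete. This added example (not from the FlexNet Operations documentation) pages through the /tokens/search response shape shown above and flags tokens using AccessTokenResponse fields. The search_page callable, the 90-day and 14-day thresholds and the sample records are assumptions; because rotation changes only the token value, tokenIssueMillis is not treated as a last-rotation time.

```python
DAY_MS = 24 * 60 * 60 * 1000


def fetch_all_tokens(search_page, page_size=50):
    """Page through /tokens/search; search_page(page, page_size) is a
    hypothetical caller-supplied function returning the decoded JSON body."""
    tokens, page = [], 0
    while True:
        result = search_page(page, page_size)["responseObject"]
        batch = result.get("response") or []
        tokens.extend(batch)
        page += 1  # pages are zero based
        if not batch or len(tokens) >= result.get("totalResults", 0):
            return tokens


def audit_tokens(tokens, now_ms, max_lifetime_days=90, warn_days=14):
    """Return (tokenName, finding) pairs for tokens that need attention."""
    findings = []
    for tok in tokens:
        name = tok.get("tokenName")
        issued = tok.get("tokenIssueMillis", 0)
        expires = tok.get("tokenExpiryMillis", 0)
        if expires - issued > max_lifetime_days * DAY_MS:
            findings.append((name, "lifetime exceeds policy"))
        if 0 <= expires - now_ms <= warn_days * DAY_MS:
            findings.append((name, "expires soon"))
        impersonated = tok.get("tokenType") == "IMPERSONATED"
        if impersonated and not (tok.get("tokenDescription") or "").strip():
            findings.append((name, "impersonation reason missing"))
    return findings


# Constructed sample data shaped like AccessTokenResponse; not real tokens.
NOW_MS = 1_700_000_000_000
SAMPLE = [
    {"tokenName": "ci-build", "tokenType": "NORMAL",
     "tokenIssueMillis": NOW_MS - 10 * DAY_MS, "tokenExpiryMillis": NOW_MS + 5 * DAY_MS},
    {"tokenName": "support-acct", "tokenType": "IMPERSONATED", "tokenDescription": "",
     "tokenIssueMillis": NOW_MS - 30 * DAY_MS, "tokenExpiryMillis": NOW_MS + 335 * DAY_MS},
]


def fake_search_page(page, page_size):
    """Offline stand-in for the HTTP call, slicing SAMPLE into pages."""
    chunk = SAMPLE[page * page_size:(page + 1) * page_size]
    return {"responseObject": {"pageNumber": page, "pageSize": page_size,
                               "response": chunk, "totalResults": len(SAMPLE)},
            "statusMessage": "ok"}
```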