Creating and Managing API Tokens

To authenticate with the Aegis API, you need an API token. You can create and manage tokens in the Aegis web console:

  1. Navigate to API Tokens
    In the left sidebar, go to Settings > API Tokens.

  2. Create a New Token
    Click the + Create New Token button.

  3. Fill in Token Details

    • Token Name: Enter a descriptive name (e.g., CI/CD, Personal, Read-only).
    • Role: Select the appropriate permission level (e.g., View (Read-only), Admin).
    • Expiry Duration: Set how long the token should be valid (e.g., 30 days, 12 months).
    • Expiry Unit: Choose the unit (days, months, years).

  4. Create and Save the Token
    Click Create Token. Copy and securely store the token value when it is shown—you will not be able to view it again.

  5. Manage Existing Tokens

    • View all tokens, their creators, and expiry dates in the API Tokens list.
    • Revoke tokens at any time by clicking the trash icon next to a token.

Best Practices for API Tokens

  • Use Least Privilege: Assign the minimum permissions necessary for each token.
  • Set Expiry: Prefer shorter expiry durations and renew tokens as needed.
  • Unique Tokens per Use Case: Create separate tokens for different applications, users, or automation tasks.
  • Store Securely: Never share tokens publicly or commit them to source control. Use environment variables or secret managers.
  • Rotate Regularly: Periodically revoke and recreate tokens to reduce risk.
  • Monitor Usage: Remove unused or expired tokens promptly.
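
As an added example (not Aegis code and not part of the original page), the script below audits a token inventory against the expiry, rotation and least-privilege practices above. The record layout, the 90-day and 14-day thresholds, and the name audit_tokens are assumptions; the page documents no export format, so the sample records are constructed.

```python
from datetime import date

# Assumed policy thresholds; choose values that match your own policy.
MAX_LIFETIME_DAYS = 90      # longest acceptable validity period
ROTATE_WARNING_DAYS = 14    # flag tokens this close to expiry

# Constructed sample inventory. The fields mirror what the console asks for
# at creation (name, role, expiry) and shows in the API Tokens list (creator,
# expiry date); the "created" field and the dict layout are assumptions.
SAMPLE_TOKENS = [
    {"name": "CI/CD", "role": "Admin", "creator": "alice",
     "created": "2024-01-10", "expires": "2025-01-10"},
    {"name": "Read-only", "role": "View (Read-only)", "creator": "bob",
     "created": "2024-05-01", "expires": "2024-05-31"},
    {"name": "Personal", "role": "View (Read-only)", "creator": "carol",
     "created": "2024-05-20", "expires": "2024-06-19"},
    {"name": "Dashboard", "role": "View (Read-only)", "creator": "dave",
     "created": "2024-05-25", "expires": "2024-07-24"},
]


def audit_tokens(tokens, today):
    """Return [(token name, [issues])] for tokens that need attention."""
    findings = []
    for tok in tokens:
        created = date.fromisoformat(tok["created"])
        expires = date.fromisoformat(tok["expires"])
        issues = []
        if expires < today:
            # Expired tokens should be removed from the list promptly.
            issues.append("expired: revoke")
        elif (expires - today).days <= ROTATE_WARNING_DAYS:
            issues.append("expires soon: rotate")
        if (expires - created).days > MAX_LIFETIME_DAYS:
            issues.append("lifetime exceeds policy")
        if tok["role"] == "Admin":
            # Admin is the broadest role named on the page; require review.
            issues.append("admin role: confirm least privilege")
        if issues:
            findings.append((tok["name"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit_tokens(SAMPLE_TOKENS, date(2024, 6, 10)):
        print(f"{name}: {'; '.join(issues)}")
```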

For more details, see the Authentication page.