API Tokens

Manage API access tokens for secure authentication.

Overview

API tokens provide secure, programmatic access to the de.iterate API. Each token can have specific permissions and expiration dates.

Creating Tokens

typescript

const result = await client.apiTokens.createToken({
  name: 'CI/CD Integration',
  accessType: 'granular',
  permissions: [
    { resource: 'risks', actions: ['read'] },
    { resource: 'assets', actions: ['read', 'write'] },
  ],
  expiresAt: '2025-12-31',
  description: 'Token for automated deployments',
});

// Save this token securely - it's only shown once!
console.log('Token:', result.token);

Access Types

Type	Description
`full`	Full access to all resources
`granular`	Specific permissions per resource

Available Permissions

Action	Description
`read`	View resources
`write`	Create and update resources
`delete`	Remove resources

Listing Tokens

typescript

const response = await client.apiTokens.list();

for (const token of response.data) {
  console.log(`${token.name} - Expires: ${token.expiresAt}`);
}

Revoking Tokens

typescript

await client.apiTokens.revoke('token-id');

Best Practices

Use granular permissions - Only grant necessary access
Set expiration dates - Don't create tokens that never expire
Rotate regularly - Replace tokens periodically
Store securely - Never commit tokens to source control
Use environment variables - Load tokens from secure storage

Next Steps

APITokensResource API - Full API reference
Authentication - Authentication overview

API Tokens ​

Overview ​

Creating Tokens ​

Access Types ​

Available Permissions ​

Listing Tokens ​

Revoking Tokens ​

Best Practices ​

Next Steps ​

API Tokens

Overview

Creating Tokens

Access Types

Available Permissions

Listing Tokens

Revoking Tokens

Best Practices

Next Steps