2022-05-24 18:44:31 +01:00
# Access Token Management
2023-04-08 08:26:58 +09:00
DataHub provides the following `graphql` endpoints for managing Access Tokens. In this page you will see examples as well
2022-05-24 18:44:31 +01:00
as explanations as to how to administrate access tokens within the project whether for yourself or others, depending on the caller's privileges.
2023-04-08 08:26:58 +09:00
_Note_: This API makes use of DataHub Policies to safeguard against improper use. By default, a user will not be able to interact with it at all unless they have at least `Generate Personal Access Tokens` privileges.
2022-09-20 10:17:44 -07:00
### Generating Access Tokens
2022-05-24 18:44:31 +01:00
2023-04-08 08:26:58 +09:00
To generate an access token, simply use the `createAccessToken(input: GetAccessTokenInput!)` `graphql` Query.
2022-05-24 18:44:31 +01:00
This endpoint will return an `AccessToken` object, containing the access token string itself alongside with metadata
which will allow you to identify said access token later on.
2023-04-08 08:26:58 +09:00
For example, to generate an access token for the `datahub` corp user, you can issue the following `graphql` Query:
2022-05-24 18:44:31 +01:00
2023-04-08 08:26:58 +09:00
_As GraphQL_
2022-05-24 18:44:31 +01:00
```graphql
mutation {
2023-04-08 08:26:58 +09:00
createAccessToken(
input: {
type: PERSONAL
actorUrn: "urn:li:corpuser:datahub"
duration: ONE_HOUR
name: "my personal token"
}
) {
2022-05-24 18:44:31 +01:00
accessToken
metadata {
2022-05-25 21:08:27 +01:00
id
name
2022-05-24 18:44:31 +01:00
description
}
}
}
```
2023-04-08 08:26:58 +09:00
_As CURL_
2022-05-24 18:44:31 +01:00
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
2023-01-20 01:58:47 +01:00
--data-raw '{ "query":"mutation { createAccessToken(input: { type: PERSONAL, actorUrn: \"urn:li:corpuser:datahub\", duration: ONE_HOUR, name: \"my personal token\" } ) { accessToken metadata { id name description} } }", "variables":{}}'
2022-05-24 18:44:31 +01:00
```
2022-09-20 10:17:44 -07:00
### Listing Access Tokens
2022-05-24 18:44:31 +01:00
2023-04-08 08:26:58 +09:00
Listing tokens is a powerful endpoint that allows you to list the tokens owned by a particular user (ie. YOU).
To list all tokens that you own, you must specify a filter with: `{field: "actorUrn", value: "<your user urn>"}` configuration.
2022-05-24 18:44:31 +01:00
2023-04-08 08:26:58 +09:00
_As GraphQL_
2022-05-24 18:44:31 +01:00
```graphql
{
2023-04-08 08:26:58 +09:00
listAccessTokens(
input: {
start: 0
count: 100
filters: [{ field: "ownerUrn", value: "urn:li:corpuser:datahub" }]
}
) {
2022-05-24 18:44:31 +01:00
start
count
total
tokens {
urn
2022-05-25 21:08:27 +01:00
id
2022-05-24 18:44:31 +01:00
actorUrn
}
}
}
```
2023-04-08 08:26:58 +09:00
_As CURL_
2022-05-24 18:44:31 +01:00
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
2022-05-25 21:08:27 +01:00
--data-raw '{ "query":"{ listAccessTokens(input: {start: 0, count: 100, filters: [{field: \"ownerUrn\", value: \"urn:li:corpuser:datahub\"}]}) { start count total tokens {urn id actorUrn} } }", "variables":{}}'
2022-05-24 18:44:31 +01:00
```
2023-04-08 08:26:58 +09:00
Admin users can also list tokens owned by other users of the platform. To list tokens belonging to other users, you must have the `Manage All Access Tokens` Platform privilege.
2022-05-24 18:44:31 +01:00
2023-04-08 08:26:58 +09:00
_As GraphQL_
2022-05-24 18:44:31 +01:00
```graphql
{
2023-04-08 08:26:58 +09:00
listAccessTokens(input: { start: 0, count: 100, filters: [] }) {
2022-05-24 18:44:31 +01:00
start
count
total
tokens {
urn
2022-05-25 21:08:27 +01:00
id
2022-05-24 18:44:31 +01:00
actorUrn
}
}
}
```
2023-04-08 08:26:58 +09:00
_As CURL_
2022-05-24 18:44:31 +01:00
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
2022-05-25 21:08:27 +01:00
--data-raw '{ "query":"{ listAccessTokens(input: {start: 0, count: 100, filters: []}) { start count total tokens {urn id actorUrn} } }", "variables":{}}'
2022-05-24 18:44:31 +01:00
```
Other filters besides `actorUrn=<some value>` are possible. You can filter by property in the `DataHubAccessTokenInfo` aspect which you can find in the Entities documentation.
2022-09-20 10:17:44 -07:00
### Revoking Access Tokens
2023-04-08 08:26:58 +09:00
To revoke an existing access token, you can use the `revokeAccessToken` mutation.
2022-05-24 18:44:31 +01:00
2023-04-08 08:26:58 +09:00
_As GraphQL_
2022-05-24 18:44:31 +01:00
```graphql
mutation {
revokeAccessToken(tokenId: "HnMJylxuowJ1FKN74BbGogLvXCS4w+fsd3MZdI35+8A=")
}
```
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"mutation {revokeAccessToken(tokenId: \"HnMJylxuowJ1FKN74BbGogLvXCS4w+fsd3MZdI35+8A=\")}","variables":{}}}'
```
2022-05-25 21:08:27 +01:00
This endpoint will return a boolean detailing whether the operation was successful. In case of failure, an error message will appear explaining what went wrong.
