2022-05-24 18:44:31 +01:00
# Access Token Management
2022-09-20 10:17:44 -07:00
DataHub provides the following GraphQL endpoints for managing Access Tokens. In this page you will see examples as well
2022-05-24 18:44:31 +01:00
as explanations as to how to administrate access tokens within the project whether for yourself or others, depending on the caller's privileges.
2022-09-20 10:17:44 -07:00
*Note*: This API makes use of DataHub Policies to safeguard against improper use. By default, a user will not be able to interact with it at all unless they have at least `Generate Personal Access Tokens` privileges.
### Generating Access Tokens
2022-05-24 18:44:31 +01:00
To generate an access token, simply use the `createAccessToken(input: GetAccessTokenInput!)` GraphQL Query.
This endpoint will return an `AccessToken` object, containing the access token string itself alongside with metadata
which will allow you to identify said access token later on.
For example, to generate an access token for the `datahub` corp user, you can issue the following GraphQL Query:
*As GraphQL*
```graphql
mutation {
createAccessToken(input: {type: PERSONAL, actorUrn: "urn:li:corpuser:datahub", duration: ONE_HOUR, name: "my personal token"}) {
accessToken
metadata {
2022-05-25 21:08:27 +01:00
id
name
2022-05-24 18:44:31 +01:00
description
}
}
}
```
*As CURL*
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
2023-01-20 01:58:47 +01:00
--data-raw '{ "query":"mutation { createAccessToken(input: { type: PERSONAL, actorUrn: \"urn:li:corpuser:datahub\", duration: ONE_HOUR, name: \"my personal token\" } ) { accessToken metadata { id name description} } }", "variables":{}}'
2022-05-24 18:44:31 +01:00
```
2022-09-20 10:17:44 -07:00
### Listing Access Tokens
2022-05-24 18:44:31 +01:00
2022-09-20 10:17:44 -07:00
Listing tokens is a powerful endpoint that allows you to list the tokens owned by a particular user (ie. YOU).
To list all tokens that you own, you must specify a filter with: `{field: "actorUrn", value: "<your user urn>"}` configuration.
2022-05-24 18:44:31 +01:00
*As GraphQL*
```graphql
{
listAccessTokens(input: {start: 0, count: 100, filters: [{field: "ownerUrn", value: "urn:li:corpuser:datahub"}]}) {
start
count
total
tokens {
urn
2022-05-25 21:08:27 +01:00
id
2022-05-24 18:44:31 +01:00
actorUrn
}
}
}
```
*As CURL*
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
2022-05-25 21:08:27 +01:00
--data-raw '{ "query":"{ listAccessTokens(input: {start: 0, count: 100, filters: [{field: \"ownerUrn\", value: \"urn:li:corpuser:datahub\"}]}) { start count total tokens {urn id actorUrn} } }", "variables":{}}'
2022-05-24 18:44:31 +01:00
```
2022-09-20 10:17:44 -07:00
Admin users can also list tokens owned by other users of the platform. To list tokens belonging to other users, you must have the `Manage All Access Tokens` Platform privilege.
2022-05-24 18:44:31 +01:00
*As GraphQL*
```graphql
{
listAccessTokens(input: {start: 0, count: 100, filters: []}) {
start
count
total
tokens {
urn
2022-05-25 21:08:27 +01:00
id
2022-05-24 18:44:31 +01:00
actorUrn
}
}
}
```
*As CURL*
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
2022-05-25 21:08:27 +01:00
--data-raw '{ "query":"{ listAccessTokens(input: {start: 0, count: 100, filters: []}) { start count total tokens {urn id actorUrn} } }", "variables":{}}'
2022-05-24 18:44:31 +01:00
```
Other filters besides `actorUrn=<some value>` are possible. You can filter by property in the `DataHubAccessTokenInfo` aspect which you can find in the Entities documentation.
2022-09-20 10:17:44 -07:00
### Revoking Access Tokens
To revoke an existing access token, you can use the `revokeAccessToken` mutation.
2022-05-24 18:44:31 +01:00
*As GraphQL*
```graphql
mutation {
revokeAccessToken(tokenId: "HnMJylxuowJ1FKN74BbGogLvXCS4w+fsd3MZdI35+8A=")
}
```
```curl
curl --location --request POST 'http://localhost:8080/api/graphql' \
--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"mutation {revokeAccessToken(tokenId: \"HnMJylxuowJ1FKN74BbGogLvXCS4w+fsd3MZdI35+8A=\")}","variables":{}}}'
```
2022-05-25 21:08:27 +01:00
This endpoint will return a boolean detailing whether the operation was successful. In case of failure, an error message will appear explaining what went wrong.
2022-09-20 10:17:44 -07:00
## Feedback, Feature Requests, & Support
Visit our [Slack channel ](https://slack.datahubproject.io ) to ask questions, tell us what we can do better, & make requests for what you'd like to see in the future. Or just
stop by to say 'Hi'.
