Long-lived API Tokens

Long-lived API tokens are essential for secure server-to-server communication, enabling seamless authentication without frequent renewals.

With Bluebricks, managing these tokens becomes even easier through centralized API endpoints that allow you to create, monitor, and revoke tokens efficiently.

This guide discusses how to setup and manage long-lived API tokens in Bluebricks.

Prerequisites

Managing long-lived API tokens requires one of the following permissions:

• create:organization_api_key

• read:organization_api_key

• update:organization_api_key

• update:organization_api_key

In addition, to create the first API token, the bricks CLI must be installed and logged in on the workstation.

Create a new long-lived API token

Use the POST Auth Key API to create a long-lived API token:

curl https://api.bluebricks.co/api/v1/auth/key \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{"name": "YOUR_TOKEN_NAME"}'

For first-time creation, use the following command to retrieve your CLI Bearer token:

cat ~/.bricks/credentials.yaml | grep token | sed -n 's/^token: Bearer //p'

Get-Content "$HOME\.bricks\credentials.yaml" | Select-String -Pattern 'token:' | ForEach-Object { $_ -replace '^token: Bearer ', '' }

List a new long-lived API token

Use the GET Auth Keys API to list your long-lived API tokens:

curl https://api.bluebricks.co/api/v1/auth/keys \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

Deactivate a long-lived API token

Use the POST Auth Deactivetate Key API to disable long-lived API tokens:

curl https://api.bluebricks.co/api/v1/auth/key/deactivate \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{
  "name": "YOUR_TOKEN_NAME_TO_DEACTIVATE"
}'

Activate a long-lived API token

Use the POST Auth Activate Key API to enable long-lived API tokens:

curl https://api.bluebricks.co/api/v1/auth/key/activate \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{
  "name": "YOUR_TOKEN_NAME_TO_DEACTIVATE"
}'