API Tokens¶
API tokens allow programmatic access to the TagOps API without using the web console. Use them for the CloudFormation macro and the Terraform module.
Overview¶
API tokens are long-lived credentials that authenticate requests to the TagOps API. Each token is scoped to your tenant and has a permission level (read or write). Tokens are stored as hashes; the plain token is shown only once when created.
Token Properties¶
| Property | Description |
|---|---|
| Name | A unique identifier for the token (e.g., cloudformation-macro). Used to manage the token; not used for authentication. |
| Scope | Permission level: read (view-only) or write (full access). |
| Expires At | Expiration date and time. Tokens cannot be set to expire more than 1 year from creation. |
| Status | Active or inactive. Inactive tokens are rejected by the API. |
Creating a Token¶
- Go to Settings → API Tokens.
- Click Create Token.
- Enter a name, expiration date, and scope.
- Click Create.
- Copy and store the token immediately. It is shown only once and cannot be retrieved later.
Activating a Token¶
Activating a token re-enables it after it has been deactivated.
- Go to Settings → API Tokens.
- Find the inactive token in the list.
- Click the Activate button (checkmark icon).
Deactivating a Token¶
Deactivating a token temporarily disables it without deleting it. Deactivated tokens are rejected by the API. Use this when you suspect a token may be compromised or when pausing automation—you can reactivate it later.
- Go to Settings → API Tokens.
- Find the active token in the list.
- Click the Deactivate button (cancel icon).
Deleting a Token¶
Deleting a token permanently removes it. The token cannot be recovered. Any automation or integrations using that token will stop working immediately.
- Go to Settings → API Tokens.
- Find the token in the list.
- Click the Delete button (trash icon).
- Confirm the deletion.