Managing API tokens

Depending on the permissions associated with your API token and the Absolute product licenses associated with your account, some API resources may not be available.

You can view each API token that you created on the API management page. In addition, if your user is assigned to the default System Administrators role, you can view every token in the account. Tokens with the earliest expiry date are shown first so that you can quickly see tokens that have expired and tokens that will expire soon. Each token displays the following information:

Token name
Token description (if provided)
An Expired or Suspended label if the token is expired or the user associated with the token is suspended
Expiration date

If there is no expiration date for the token, Expiry not set shows.
Date the token was last used
The date the token was last modified
The first and last name of the user that modified the token and the user's associated role

You can edit API tokens that you created by changing the name or description, updating the expiration date, or updating the approved IP addresses. You may also want to delete a token you created. If your user is assigned to the default System Administrator role, you can edit and delete every active token in the account.

Expired and suspended tokens can't be modified but can be deleted.

You can't edit token permissions after the token has been created.

Editing an API token

The user associated with an API token, or a user assigned to the default System Administrator role, can change the name, description, expiration date, and approved IP addresses of an active API token.

If the user associated with an API token is suspended, a default System Administrator can delete, but not edit, the token.

To edit an API token:

Log in to the Secure Endpoint Console as user with the Manage permission for API credentials.
On the navigation bar, click Settings > API management.
Locate the token that you want to edit. In Search, enter part of the name, description, or token ID of the token that you want to edit. Search results update dynamically as you type. To view only active tokens, clear Show expired.

If your user is assigned to the default System Administrator role, click My tokens or Other tokens to limit the results.
Do one of the following:
- Hover over the API token's row to display the quick action bar and click (Edit).
- Click the token name.
[Optional] Enter a new Token name and Description.
[Optional] Click the Expiration date field and edit the expiration date by doing one of the following:
- Enter a date in YYYY-MM-DD format
- Use the Calendar picker to select a date
- Select one of the predefined expiry date ranges
You can update the expiry date of the token to be one year from today.

If the token doesn't have an expiration date, you are required to update this field.
[Optional] Update the IP addresses that should have access to the APIs. Both IPv4 and IPv6 IP addresses in single and CIDR format are accepted. If no IP addresses are entered, the APIs can be accessed from any IP address. Do one or more of the following:
Enter new IP addresses
1. Enter or copy and paste one of the following in to Approved IP Address:
  - An individual IP address
  - A list of IP addresses separated by a space ( ), comma (,), semi-colon (;), or line break
2. Click Add or press Enter.
  
  IP addresses are listed below the entry field. Validation is done on each IP address. If validation fails, you see Invalid IP address. Do one of the following:
  - To delete the IP address, click (Remove).
  - To edit the IP address, click in the IP address, make your changes, and press Tab or click away from the IP address. Validation is done on the updated IP address.
Update existing IP addresses
- Click in the IP address and make your changes, and press Tab or click away from the IP address. Validation is done on the updated IP address.
Delete existing IP addresses

Click (Remove) beside the IP address.
Click Save.

The token is updated. An API token updated event is logged to Event History.

Deleting an API token

The user associated with a token, or a user assigned to the default System Administrator role, can revoke access to an Absolute API by deleting the appropriate API tokens. Expired and suspended tokens can be deleted. Deleting the token also deletes the record of the token from the Secure Endpoint Console. To revoke access but keep a record of the token, you can update the expiry date of the token instead.

Log in to the Secure Endpoint Console as user with the Manage permission for API credentials.
On the navigation bar, click Settings > API management.
Locate the token that you want to delete. In Search, enter part of the name, description, or token ID of the token that you want to edit. Search results update dynamically as you type. To view only active tokens, clear Show expired.

If your user is assigned to the default System Administrator role, click My tokens or Other tokens to limit the results.
Do one of the following:

Using Delete

Hover over the API token's row to display the quick action bar and click (Delete).
Using Edit
1. Click the token name.
2. Click Delete.
Review the Delete API token notification. If you are sure you want to delete the token, click Delete.

The token is deleted and is no longer viewable in the Secure Endpoint Console. An API token deleted event is logged to Event History.