VMS enables you to create and manage tokens that can be used to securely authenticate calls to the VMS REST API, instead of passing a user name and password. An API token authorizes usage of the endpoints for which the user has the required RBAC permissions.
API tokens can be managed using the VAST CLI and the VMS API.
API Token Limits per User
By default, users can have up to five valid tokens simultaneously. The number of tokens allowed per user is configurable for all manager users on the cluster with the vms set_max_api_tokens_per_user CLI command.
Permissions Required to Manage API Tokens
All VMS manager users can view the properties of their API tokens.
Managing API tokens and viewing other users' tokens requires the following permissions:
Realm | Permission | Allowed Action |
|---|---|---|
Security | Create | Create API tokens. |
Edit | Modify API tokens. | |
Delete | Revoke API tokens. | |
View | View other users' API tokens. |
Managing API Tokens with the VAST CLI
Use the following commands to manage API tokens:
To create a token: apitoken create
To modify the name and/or expiration date of a token.apitoken modify
To revoke a token: apitoken revoke
To display details of a specific token: apitoken show
To list details of tokens: apitoken list
To set the maximum number of tokens per user (all VMS users): vms set_max_api_tokens_per_user
Managing API Tokens with the VAST REST API
Refer to the VAST Management Service (VMS) REST API Documentation.