Manage API Tokens

Administrators can create and manage Personal API Tokens used for API authentication within A10 Control. It uses role-based access control (RBAC) for API access through API tokens replacing the earlier organization level API key. Personal API Tokens ensure each API users can perform only the operations allowed by their assigned roles aligning API access with the principle of least privilege used in the A10 Control.

The legacy organization-level API key is no longer supported for external API access. It is now limited to select internal workflows, such as device registration, with restricted permissions.

Org Admin and Org Operator can generate and delete their own API tokens. Org Admin can also manage and delete API tokens of other users.

Key Benefits

• Granular authorization: API users are restricted to the endpoints allowed by their specific roles.
• Enhanced security: Sensitive operations are restricted to authorized users or systems.
• Scoped integrations: Each automation or integration can use its own token with precisely defined permissions.
• Enhanced auditability: All API activity is logged and associated with the specific user or integration.

API Authorization Behavior

• Each API token is linked to the user’s access group, which determines the API operations and endpoints the token can access.

• If an API request attempts to access endpoints outside the assigned permissions, the request is rejected with an error response.

Personal API Tokens

To view Personal API tokens, navigate to Organization > Users & Permissions > API Tokens.

On the API Tokens tab, you can view the Personal API Tokens and API Token Managements tables and perform the following actions:

• Create: Create the API token.
• Delete: Hover over the Kebab menu associated to the token and click Delete to remove the API token.

NOTE:

Org-Admins can delete API tokens created by any user from the API Token Management page.