Skip to main content

Private User Token Store ACLs

It is possible to define ACLs for private user tokens. These ACLs are not required tokens private to the Management API Client because those tokens are.. completely private to the Management API Client.

The user token API is documented in the normal path at /apidoc.

Each token may have the following ACLs defined:

  1. owner like this (PUT /api/rest/v1/user/{userId}/token):
"owner": { "id": "string", "type": "USER" }
  1. read-write (POST /api/rest/v1/user/{userId}/token/{key}/rw) in an array
[ { "id": "string", "type": "USER" } ]
  1. read-only (POST /api/rest/v1/user/{userId}/token/{key}/ro) in an array
[ { "id": "string", "type": "USER" } ]

This arrangement allows for controlled sharing of user data between external applications.