Organization API Tokens Security Policies

The Organization API Token Security Policy controls the ability to create an Organization API token, the enforced expiry and IP filters. It is also possible to allow updates to permissions for existing tokens.

  • Allow Organization API tokens

    When enabled, users can go to the Organization tokens within the Organization Settings page and create or update their Organization API token. See Organization API Tokens for more information on creating a token.

    When disabled, existing tokens will be deleted, and the option to create an Organization token will no longer be available.

  • Allow updating permissions for existing tokens

    If ticked, existing tokens can be modified to change the permissions and abilities granted to the token. Changes made in this way are instant as soon as the permissions are updated.

  • Token expiration

    If enabled, a maximum duration for an Organization API token will be enforced at the point that tokens are created and it won't be possible to create Organization API tokens with a duration longer than the configured token expiration. The expiration can be expressed in the number of days, hours or minutes. See Behavior When Changing Token Security Policies for information on the effect of changing this setting.

  • Enforce IP filter

    When enabled, it applies the selected IP filter to all requests made with an Organization API token. The token will only work when the IP filter has not blocked or restricted access. You can select a named IP filter from the list. See IP Filters for more information on creating named IP filters.