Manage Repository API Tokens

Security Requirements and Controls

Repository tokens may be modified depending on the settings within the Repository and View API tokens security policy. If the Update permissions setting is enabled, an existing repository token can be modified to update the permissions granted. In addition, tokens can be renewed (if allowed) or deleted.

To view the details for an existing token, select the token from the list in the Repository and View API Tokens interface. This will show a summary of the organization API token, expiry, permissions, and IP filter information:

  • Expiry information is shown at the top of the summary in both the duration and an explicit date and time when the token will expire. Expiry information cannot be changed.

  • Permission information is shown with each permission and a corresponding green tick (enabled) and red cross (denied). Permission information cannot be changed unless the Update permissions option is enabled within the Repository token security policy.

If editing the permissions is enabled, click Edit permissions .

Adjust the permissions; click Update permissions to save the updated permissions.

To see the asset permissions granted, switch to the Asset permissions tab. You can adjust permissions for individual assets as needed.

The following actions are available in the ⋮ menu.

  • To recreate the API token string, click the Reset secret button. This will regenerate the token string so that it can be copied. Resetting the token in this way immediately invalidates the previous token string. The new string will need to be used.

  • To delete the API token, click the Delete token button. You will be asked to confirm the action. Once deleted, the API token is no longer valid and all API operations with the deleted token will fail.