Security
The Astra Control REST API provides multiple layers of security.
All HTTP network traffic is protected using the transport layer security (TLS) standard. |
Astra API tokens
To use the Astra Control REST API, you must provide an API token on every request in the Authorization
request header. Note the following:
-
You can generate an API token at the Astra web user interface.
-
A token never expires after it is created.
-
You can revoke a token at any time at the Astra web user interface.
See Get an API token for more information.
Revoking an API access token
You can revoke an API token at the Astra web interface when it is no longer needed.
You need an account for the Astra service. You should also identify the tokens you want to revoke.
After a token is revoked, it is immediately and permanently unusable.
-
Sign in to Astra using your account credentials.
Access the following site for Astra Control Service: https://astra.netapp.io
-
Click the figure icon at the top right of the page and select API access.
-
Select the token or tokens you want to revoke.
-
Under the Actions drop-down box, click Revoke tokens.
Roles and access control
Each Astra user is assigned to a single role which determines the actions that can be performed. The roles are arranged in a hierarchy as described in the table below.
Role | Description |
---|---|
Owner |
Has all the permissions of the Admin role and can also delete Astra accounts. |
Admin |
Has all the permissions of the Member role and can also invite users to join an account. |
Member |
Can fully manage the Astra application and compute resources. |
Viewer |
Restricted to only viewing resources. |