Skip to main content
A newer release of this product is available.


Contributors dmp-netapp

The Astra Control REST API provides multiple layers of security.

Note All HTTP network traffic is protected using the transport layer security (TLS) protocol standard.

Astra API tokens

To use the Astra Control REST API, you must provide an API token on every request in the Authorization request header. Note the following:

  • You can generate an API token at the Astra web user interface.

  • A token never expires after it is created.

  • You can revoke a token at any time at the Astra web user interface.

See Get an API token for more information.

Revoking an API access token

You can revoke an API token at the Astra web interface when it is no longer needed.

Before you begin

You need an account for the Astra service. You should also identify the tokens you want to revoke.

About this task

After a token is revoked, it is immediately and permanently unusable.

  1. Sign in to Astra using your account credentials.

    Access the following site for Astra Control Service:

  2. Click the figure icon at the top right of the page and select API access.

  3. Select the token or tokens you want to revoke.

  4. Under the Actions drop-down box, click Revoke tokens.

Roles and access control

Each Astra user is assigned to a single role which determines the actions that can be performed. The roles are arranged in a hierarchy as described in the table below.

Role Description


Has all the permissions of the Admin role and can also delete Astra accounts.


Has all the permissions of the Member role and can also invite users to join an account.


Can fully manage the Astra application and compute resources.


Restricted to only viewing resources.