Security

Contributors dmp-netapp Download PDF of this page

The Astra REST API provides multiple layers of security.

All HTTP network traffic is protected using the transport layer security (TLS) standard.

Astra API tokens

To use the Astra REST API, you must provide an API token on every request in the Authorization request header. Note the following:

  • You can generate an API token at the Astra web user interface.

  • A token never expires after it is created.

  • You can revoke a token at any time at the Astra web user interface.

See Get an API access token for more information.

Revoking an API access token

You can revoke an API token at the Astra web interface when it is no longer needed.

Before you begin

You need an account for the Astra service. You should also identify the tokens you want to revoke.

About this task

After a token is revoked, it is immediately and permanently unusable.

Steps
  1. Sign in to the Astra service using your account credentials.

  2. Click the figure icon at the top right of the page and select API access.

  3. Select the token or tokens you want to revoke.

  4. Under the Actions drop-down box, click Revoke tokens.

Roles and access control

Each Astra user is assigned to a single role. The role is used to restrict access to the API calls. The defined roles include:

  • Owner

  • Admin

  • Member

  • Viewer