Access tokens

Contributors netapp-jolieg

Access tokens provide a method of authentication with the REST API or command line interface (CLI), without exposing user names and passwords. A token is associated to a specific user (including LDAP users), and includes a set of permissions and an expiration.

SAML and JSON web token access

By default, a system with SAML enabled does not allow access to traditional command line tools. The REST API and CLI effectively become inoperable because the MFA workflow requires a redirect to an Identity Provider server for authentication. Therefore, you must generate tokens in System Manager, which mandates that a user is authenticated via MFA.

Note It is not necessary to have SAML enabled to use web tokens, but SAML is recommended for the highest level of security.

Workflow for creating and using tokens

  1. Create a token in System Manager and determine its expiration.

  2. Copy the token text to the clipboard or download it to a file, and then save the token text in a secure location.

  3. Use the token as follows:

    • Rest API: To use a token in a REST API request, add an HTTP header to your requests. For example: Authorization: Bearer <access-token-value>

    • Secure CLI: To use a token in the CLI, add the token value on the command line or use the path to a file containing the token value. For example:

      • Token value on the command line: -t access-token-value

      • Path to a file containing the token value: -T access-token-file

Learn more: