5 title: "api_client_authorizations"
9 See "REST methods for working with Arvados resources":{{site.baseurl}}/api/methods.html
11 API endpoint base: @https://{{ site.arvados_api_host }}/arvados/v1/api_client_authorizations@
13 Required arguments are displayed in %{background:#ccffcc}green%.
17 The @api_client_authorizations@ resource stores the list of API tokens that have been issued to permit access the API server.
19 An ApiClientAuthorization is *not* a generic Arvados resource. The full list of properties that belong to an ApiClientAuthorization is:
21 table(table table-bordered table-condensed).
22 |_. Attribute|_. Type|_. Description|_. Example|
23 |api_token|string|The actual token string that is expected in the Authorization header.||
24 |api_client_id|integer|-||
26 |created_by_ip_address|string|-||
27 |last_used_by_ip_address|string|The network address of the most recent client using this token.||
28 |last_used_at|datetime|Timestamp of the most recent request using this token.||
29 |expires_at|datetime|Time at which the token is no longer valid.||
30 |default_owner_uuid|string|||
31 |scopes|array|A list of resources this token is allowed to access. A scope of ["all"] allows all resources. See below.||
35 Scopes can restrict a token so it may only access certain resources. This is in addition to normal permission checks for the user associated with the token.
37 Each entry in scopes consists of a @request_method@ and @request_path@, where the @request_method@ is a HTTP method (one of @GET@, @POST@, @PUT@ or @DELETE@) and @request_path@ is the request URI. A given request is permitted if it matches a scopes exactly, or the scope ends with @/@ and the request string is a prefix of the scope.
39 As a special case, a scope of ["all"] allows all resources.
43 A scope of @GET /arvados/v1/collections@ permits listing collections.
45 * Requests with different methods, such as creating a new collection using @POST /arvados/v1/collections@, will be rejected.
46 * Requests to access other resources, such as @GET /arvados/v1/groups@, will be rejected.
47 * Be aware that requests for specific records, such as @GET /arvados/v1/collections/962eh-4zz18-xi32mpz2621o8km@ will also be rejected. This is because the scope @GET /arvados/v1/collections@ does not end in @/@
49 A scope of @GET /arvados/v1/collections/@ (with @/@ suffix) will permit access to individual collections.
51 * The request @GET /arvados/v1/collections/962eh-4zz18-xi32mpz2621o8km@ will succeed
52 * Be aware that requests for listing @GET /arvados/v1/collections@ (no @/@ suffix) will be rejected, because it is not an exact match with @GET /arvados/v1/collections/@
54 To allow both listing objects and requesting individual objects, include both in the scope: @["GET /arvados/v1/collections", "GET /arvados/v1/collections/"]@
56 A narrow scope such as @GET /arvados/v1/collections/962eh-4zz18-xi32mpz2621o8km@ will disallow listing objects as well as disallow requesting any object other than those in the scope.
62 Create a new ApiClientAuthorization.
66 table(table table-bordered table-condensed).
67 |_. Argument |_. Type |_. Description |_. Location |_. Example |
68 |api_client_authorization|object||query||
70 h3. create_system_auth
72 create_system_auth api_client_authorizations
76 table(table table-bordered table-condensed).
77 |_. Argument |_. Type |_. Description |_. Location |_. Example |
78 |api_client_id|integer||query||
79 |scopes|array||query||
83 Delete an existing ApiClientAuthorization.
87 table(table table-bordered table-condensed).
88 |_. Argument |_. Type |_. Description |_. Location |_. Example |
89 {background:#ccffcc}.|uuid|string|The UUID of the ApiClientAuthorization in question.|path||
93 Gets a ApiClientAuthorization's metadata by UUID.
97 table(table table-bordered table-condensed).
98 |_. Argument |_. Type |_. Description |_. Location |_. Example |
99 {background:#ccffcc}.|uuid|string|The UUID of the ApiClientAuthorization in question.|path||
103 List api_client_authorizations.
107 table(table table-bordered table-condensed).
108 |_. Argument |_. Type |_. Description |_. Location |_. Example |
109 |limit|integer (default 100)|Maximum number of api_client_authorizations to return.|query||
110 |order|string|Order in which to return matching api_client_authorizations.|query||
111 |filters|array|Conditions for filtering api_client_authorizations.|query||
115 Update attributes of an existing ApiClientAuthorization.
119 table(table table-bordered table-condensed).
120 |_. Argument |_. Type |_. Description |_. Location |_. Example |
121 {background:#ccffcc}.|uuid|string|The UUID of the ApiClientAuthorization in question.|path||
122 |api_client_authorization|object||query||