All commands in Direktiv can be executed as API commands. In this example the API will be used to generate an access token.
To make an API call an existing API token is required. This can be either the admin token or a namespace access token which has been created before. If a namespace token is used it requires the permission permissionsManage, which inherits permissionsView.
This token has to be provided via the HTTP header direktiv-token regardless of being a namespace or admin token.
The API address to use is the following where MY-SERVER is the Direktiv address and MY-NAMESPACE is the namespace the new access token should be created for.
https://MY-SERVER/api/namespaces/MY-NAMESPACE/auth/token
The body of the request is a JSON payload which defines the expiry time as ISO 8601 string, provides a description and a list of policies.
The policies can not exceed the policies of the token used to create it, e.g. if the access token in the direktiv-token header does not have the requested policies they will be removed from the list. The token will still be created with the subset of the requested policies.
{
"description":"generated by api",
"policies":["deleteNamespace","eventsManage"],
"expires":"P1Y"
}A curl command would look like the following:
curl --request POST \
--url https://MY-SERVER//api/namespaces/MY-NAMESPACE/auth/token \
--header 'Content-Type: application/json' \
--header 'Direktiv-Token: my-direktiv-token' \
--data '{
"description":"created by api",
"policies":["deleteNamespace","eventsManage"],
"expires":"P1Y"
}'Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article