Set Token Settings

Endpoint

PUT /apiops/projects/{projectName}/credentials/{username}/token/

Authentication

Requires a Personal API Access Token.

Header

Authorization: Bearer YOUR_TOKEN

Request

Headers

Header	Value	Required
Authorization	Bearer {token}	Yes
Content-Type	application/json	Yes

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
username	string	Yes	Username of the credential

Request Body

Full JSON Body Example - Basic Token Settings

{
  "grantType": "PASSWORD",
  "tokenNeverExpires": false,
  "tokenExpiresInAmount": 3600,
  "tokenExpiresInUnit": "SECONDS",
  "refreshTokenAllowed": true,
  "refreshTokenCount": 1,
  "refreshTokenExpiresInAmount": 7200,
  "refreshTokenExpiresInUnit": "SECONDS",
  "allowUrlParameters": false,
  "jwtSignatureAlgorithm": "RS256",
  "deletePrevious": false
}

Full JSON Body Example - Token Never Expires

{
  "grantType": "CLIENT_CREDENTIALS",
  "tokenNeverExpires": true,
  "refreshTokenAllowed": false,
  "allowUrlParameters": true,
  "jwtSignatureAlgorithm": "HS256"
}

Request Body Fields

Field	Type	Required	Default	Description
grantType	string	No	-	Grant type for authentication. Values: PASSWORD, CLIENT_CREDENTIALS, AUTHORIZATION_CODE, IMPLICIT, REFRESH_TOKEN
tokenNeverExpires	boolean	No	-	Whether token never expires. If true, token expiration settings are ignored
tokenExpiresInAmount	long	No	-	Token expiration amount. Minimum value: 1. Required if tokenNeverExpires is false
tokenExpiresInUnit	string	No	-	Token expiration unit. Values: SECONDS, MINUTES, HOURS, DAYS, WEEKS, MONTHS, YEARS
refreshTokenAllowed	boolean	No	-	Whether refresh token is allowed
refreshTokenCount	integer	No	-	Maximum number of refresh tokens. Minimum value: 1. Required if refreshTokenAllowed is true
refreshTokenExpiresInAmount	long	No	-	Refresh token expiration amount. Minimum value: 1. Required if refreshTokenAllowed is true
refreshTokenExpiresInUnit	string	No	-	Refresh token expiration unit. Values: SECOND, MINUTE, HOUR, DAY, WEEK, MONTH, YEAR
allowUrlParameters	boolean	No	-	Whether URL parameters are allowed in token requests
jwtSignatureAlgorithm	string	No	-	JWT signature algorithm. Common values: RS256, HS256, ES256, etc.
deletePrevious	boolean	No	-	Whether to delete previous tokens when new token is issued

Notes

• All fields are optional
• Only provided fields are updated; other fields remain unchanged
• Credential must exist
• Authentication type is automatically set to SECRET_MANAGER for APIOps token settings
• If tokenNeverExpires is true, tokenExpiresInAmount and tokenExpiresInUnit are ignored
• If refreshTokenAllowed is false, refresh token related fields are ignored
• tokenExpiresInAmount and refreshTokenExpiresInAmount must be at least 1
• refreshTokenCount must be at least 1

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "message": "Deployment completed successfully",
    "environmentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployed successfully"
      },
      {
        "environmentName": "staging",
        "success": true,
        "message": "Deployed successfully"
      }
    ]
  }
}

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "Credential (username: api-user) was not found!"
}

or

{
  "error": "bad_request",
  "error_description": "Token expiration amount must be at least 1"
}

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "Project(MyProject) was not found or user does not have privilege to access it!"
}

cURL Example

Example 1: Set Basic Token Settings

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/token/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "grantType": "PASSWORD",
    "tokenNeverExpires": false,
    "tokenExpiresInAmount": 3600,
    "tokenExpiresInUnit": "SECOND",
    "refreshTokenAllowed": true,
    "refreshTokenCount": 1,
    "refreshTokenExpiresInAmount": 7200,
    "refreshTokenExpiresInUnit": "SECOND",
    "allowUrlParameters": false,
    "jwtSignatureAlgorithm": "RS256",
    "deletePrevious": false
  }'

Example 2: Set Token Never Expires

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/token/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "grantType": "CLIENT_CREDENTIALS",
    "tokenNeverExpires": true,
    "refreshTokenAllowed": false,
    "allowUrlParameters": true,
    "jwtSignatureAlgorithm": "HS256"
  }'

Notes and Warnings

• Partial Updates:

  • Only provided fields are updated
  • Fields not included in the request remain unchanged
  • Use reset endpoint to restore all defaults

• Authentication Type:

  • Authentication type is automatically set to SECRET_MANAGER for APIOps token settings
  • This cannot be changed via this endpoint

• Token Expiration:

  • If tokenNeverExpires is true, token never expires regardless of expiration settings
  • If tokenNeverExpires is false, tokenExpiresInAmount and tokenExpiresInUnit must be provided

• Refresh Token Settings:

  • If refreshTokenAllowed is true, refresh token count and expiration must be provided
  • Refresh token count must be at least 1
  • Refresh token expiration amount must be at least 1

• Grant Types:

  • Supported grant types: PASSWORD, CLIENT_CREDENTIALS, AUTHORIZATION_CODE, IMPLICIT, REFRESH_TOKEN
  • Grant type determines the OAuth2/OIDC flow used

• JWT Signature Algorithm:

  • Common algorithms: RS256, HS256, ES256, PS256
  • Algorithm must match the key type used

• Automatic Deployment:

  • Credential is automatically deployed to all environments after token settings update
  • Deployment results are returned in the response

Permissions

• User must have IDENTITY + MANAGE permission in the project
• For automatic deployment, user must also have IDENTITY + DEPLOY_UNDEPLOY permission

Related Documentation

• Reset Token Settings - Reset token settings to defaults
• Set JWK Validation - Assign JWK for validation and signing
• List Credentials - List all credentials