
Overview

All Management API endpoints (except the test endpoint) require authentication using a Personal API Access Token. This token is used instead of username/password for API requests.

Obtaining a Token

There are two ways to obtain a Personal API Access Token:
  1. From Management Console (recommended for first-time setup)
  2. From Management API (for programmatic token creation)

Method 1: From Management Console

  1. Log in to the Apinizer Management Console
     Access the Management Console with your credentials.
  2. Navigate to My Profile
     Click on the Quick Menu (user icon) → My Profile.
  3. Go to Personal API Access Tokens Section
     Scroll to the Personal API Access Tokens section.
  4. Create API Token
     Click Create API Token.
  5. Fill in Token Details
     • Token Name: A descriptive name for your token
     • Expiration: Choose expiration type
       • Never Expires - Token never expires
       • Select from Calendar - Choose a specific expiration date
  6. Create and Copy Token
     Click Create and copy the token immediately - it will not be shown again.

Method 2: From Management API

Endpoint

POST /apiops/auth/token

Request

Headers

| Header | Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |
| Accept | application/json |

Request Body (URL Encoded)

| Parameter | Value | Description |
|---|---|---|
| grant_type | client_credentials | OAuth2 grant type |
| client_id | Your Apinizer username | |
| client_secret | Your Apinizer password | |

Response

Success Response (200 OK)

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Bad credentials"
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  -d "grant_type=client_credentials&client_id=your_username&client_secret=your_password"

Full JSON Body Example

{
  "grant_type": "client_credentials",
  "client_id": "your_username",
  "client_secret": "your_password"
}
Note: This endpoint uses application/x-www-form-urlencoded format, not JSON. Send the fields shown above as form parameters, as in the cURL example.

Using the Token

Include the token in the Authorization header of all API requests:
Authorization: Bearer YOUR_TOKEN

Example Request

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Token Security

  • Never commit tokens to version control
  • Store tokens securely (use environment variables or secret management)
  • Rotate tokens regularly
  • Revoke unused tokens from the Management Console
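The token request, the Authorization header and the storage advice above, combined in one added example (not Apinizer's own code). The function names and the environment variable names APINIZER_USER and APINIZER_PASSWORD are assumptions; the point to note is that the form body is URL-encoded, so a password containing `&`, `=`, `+` or spaces is sent intact.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlencode

TOKEN_PATH = "/apiops/auth/token"  # endpoint documented on this page


def build_token_request(base_url, username, password):
    """Form-encoded POST; urlencode() escapes &, =, + and spaces in secrets."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": username,
        "client_secret": password,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"}
    return urllib.request.Request(base_url.rstrip("/") + TOKEN_PATH,
                                  data=body, headers=headers, method="POST")


def parse_token_response(status, raw_body):
    """Return the access token on 200, raise with the server's error otherwise."""
    payload = json.loads(raw_body)
    if status != 200:
        raise PermissionError(
            f"{status}: {payload.get('error')} ({payload.get('error_description')})")
    if payload.get("token_type", "").lower() != "bearer" or not payload.get("access_token"):
        raise ValueError("unexpected token response shape")
    return payload["access_token"]


def auth_header(token):
    """Build 'Bearer <token>' and reject copy/paste damage (spaces, newlines)."""
    token = token.strip()
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")
    return {"Authorization": f"Bearer {token}"}


def fetch_token(base_url):
    """Live call. APINIZER_USER / APINIZER_PASSWORD are assumed variable names."""
    req = build_token_request(base_url, os.environ["APINIZER_USER"],
                              os.environ["APINIZER_PASSWORD"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.code, err.read())
```

Only `fetch_token` touches the network; the other functions can be exercised offline against the sample responses shown above.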

Token Expiration

  • Tokens can be configured to never expire or expire at a specific date
  • Expired tokens will return 401 Unauthorized responses
  • Create a new token when your token expires

Revoking Tokens

Tokens can be revoked from the Management Console:
  1. Navigate to My Profile
     Go to My Profile → Personal API Access Tokens.
  2. Find the Token
     Locate the token you want to revoke.
  3. Revoke Token
     Click Revoke. Once revoked, the token cannot be used for API requests.

Permissions

Tokens inherit the permissions of the user who created them. The Management API uses a project-based permission system with categories and actions. For detailed information about the permission system, see Overview Details - Permissions.

Permission Categories

  • API_MANAGEMENT: API Proxy, Policy, API Proxy Group, and Endpoint operations
  • SECRETS: Certificate, Key, Keystore, JWK, and Environment Variable operations
  • IDENTITY: Credential and RLCL operations
  • CONNECTIONS: Connection operations
  • GLOBAL_SETTINGS: IP Group operations

Permission Actions

  • MANAGE: Full management access (create, update, delete)
  • DEPLOY_UNDEPLOY: Deploy and undeploy operations
  • EXPORT_IMPORT: Export and import operations

Special Permissions

  • System Admin (sysAdmin): Required for certain administrative operations (reports, system-wide environment listing)
  • Project Admin: For some operations, having project admin role is sufficient instead of specific category permissions

Permission Matrix

The following table provides a comprehensive overview of permissions required for each endpoint:

Permission Control System

GET Methods

  • Permission Check: Uses hasAnyPermissionInProject
  • Note: Detailed permission control is currently a technical debt

POST/PUT/DELETE/PATCH Methods

  • Permission Check: Uses hasPermissionInProject(user, category, action, projectId)
  • Asset Category and Action Mapping:
    • CREATE/UPDATE/DELETE → MANAGE
    • DEPLOY/UNDEPLOY → DEPLOY_UNDEPLOY
    • EXPORT/IMPORT → EXPORT_IMPORT

Endpoint Permission Matrix

API Proxy Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/apiProxies/ | - | Any permission | List API Proxies |
| POST | /apiops/projects/{projectName}/apiProxies/url/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Create from URL |
| PUT | /apiops/projects/{projectName}/apiProxies/url/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Update from URL |
| POST | /apiops/projects/{projectName}/apiProxies/file/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Create from File |
| PUT | /apiops/projects/{projectName}/apiProxies/file/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Update from File |
| DELETE | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/ | API_MANAGEMENT | MANAGE + DEPLOY_UNDEPLOY | Delete API Proxy |
| POST | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Deploy API Proxy |
| DELETE | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Undeploy API Proxy |
| GET | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/export/ | API_MANAGEMENT | EXPORT_IMPORT | Export API Proxy |
| POST | /apiops/projects/{projectName}/apiProxies/import/ | API_MANAGEMENT | EXPORT_IMPORT | Import API Proxy |
| PUT | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/import/ | API_MANAGEMENT | EXPORT_IMPORT (+ DEPLOY_UNDEPLOY if deploy) | Import with Override |
| PATCH | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/* | API_MANAGEMENT | MANAGE | Update Settings |

API Proxy Group Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/apiProxyGroups/ | - | Any permission | List API Proxy Groups |
| POST | /apiops/projects/{projectName}/apiProxyGroups/ | API_MANAGEMENT | MANAGE | Create API Proxy Group |
| PUT | /apiops/projects/{projectName}/apiProxyGroups/ | API_MANAGEMENT | MANAGE | Update API Proxy Group |
| DELETE | /apiops/projects/{projectName}/apiProxyGroups/{apiProxyGroupName}/ | API_MANAGEMENT | MANAGE | Delete API Proxy Group |
| POST | /apiops/projects/{projectName}/apiProxyGroups/{apiProxyGroupName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Deploy API Proxy Group |
| DELETE | /apiops/projects/{projectName}/apiProxyGroups/{apiProxyGroupName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Undeploy API Proxy Group |

Policy Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies | - | Any permission | List Policies |
| POST | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Add Policy |
| PUT | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Update Policy |
| DELETE | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Delete Policy |

Certificate Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/certificates/ | - | Any permission | List Certificates |
| GET | /apiops/projects/{projectName}/certificates/{certificateName}/ | - | Any permission | Get Certificate |
| POST | /apiops/projects/{projectName}/certificates/ | SECRETS | MANAGE | Create Certificate |
| PUT | /apiops/projects/{projectName}/certificates/{certificateName}/ | SECRETS | MANAGE | Update Certificate |
| DELETE | /apiops/projects/{projectName}/certificates/{certificateName}/ | SECRETS | MANAGE | Delete Certificate |
| GET | /apiops/projects/{projectName}/certificates/{certificateName}/export/ | SECRETS | EXPORT_IMPORT | Export Certificate |

Key Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/keys/ | - | Any permission | List Keys |
| GET | /apiops/projects/{projectName}/keys/{keyName}/ | - | Any permission | Get Key |
| POST | /apiops/projects/{projectName}/keys/ | SECRETS | MANAGE | Create Key |
| PUT | /apiops/projects/{projectName}/keys/{keyName}/ | SECRETS | MANAGE | Update Key |
| DELETE | /apiops/projects/{projectName}/keys/{keyName}/ | SECRETS | MANAGE | Delete Key |

Keystore Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/keystores/ | - | Any permission | List Keystores |
| GET | /apiops/projects/{projectName}/keystores/{keystoreName}/ | - | Any permission | Get Keystore |
| POST | /apiops/projects/{projectName}/keystores/ | SECRETS | MANAGE | Create Keystore |
| PUT | /apiops/projects/{projectName}/keystores/{keystoreName}/ | SECRETS | MANAGE | Update Keystore |
| DELETE | /apiops/projects/{projectName}/keystores/{keystoreName}/ | SECRETS | MANAGE | Delete Keystore |

JWK Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/jwks/ | - | Any permission | List JWKs |
| GET | /apiops/projects/{projectName}/jwks/{jwkName}/ | - | Any permission | Get JWK |
| POST | /apiops/projects/{projectName}/jwks/ | SECRETS | MANAGE | Create JWK |
| PUT | /apiops/projects/{projectName}/jwks/{jwkName}/ | SECRETS | MANAGE | Update JWK |
| DELETE | /apiops/projects/{projectName}/jwks/{jwkName}/ | SECRETS | MANAGE | Delete JWK |
| POST | /apiops/projects/{projectName}/jwks/generate | SECRETS | MANAGE | Generate JWK |
| POST | /apiops/projects/{projectName}/jwks/parse-from-* | SECRETS | MANAGE | Parse JWK from various sources |

Environment Variable Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/environmentVariables | - | Any permission | List Environment Variables |
| GET | /apiops/projects/{projectName}/environmentVariables/{name}/ | - | Any permission | Get Environment Variable |
| POST | /apiops/projects/{projectName}/environmentVariables/{name}/ | SECRETS | MANAGE | Create Environment Variable |
| PUT | /apiops/projects/{projectName}/environmentVariables/{name}/ | SECRETS | MANAGE | Update Environment Variable |
| DELETE | /apiops/projects/{projectName}/environmentVariables/{name}/ | SECRETS | MANAGE | Delete Environment Variable |

Connection Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/connections | - | Any permission | List Connections |
| GET | /apiops/projects/{projectName}/connections/{connectionName}/ | - | Any permission | Get Connection |
| POST | /apiops/projects/{projectName}/connections/{connectionName}/ | CONNECTIONS | MANAGE | Create Connection |
| PUT | /apiops/projects/{projectName}/connections/{connectionName}/ | CONNECTIONS | MANAGE | Update Connection |
| DELETE | /apiops/projects/{projectName}/connections/{connectionName}/ | CONNECTIONS | MANAGE | Delete Connection |

Credential Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/credentials/ | - | Any permission | List Credentials |
| POST | /apiops/projects/{projectName}/credentials/ | IDENTITY | MANAGE | Create Credential |
| PUT | /apiops/projects/{projectName}/credentials/ | IDENTITY | MANAGE | Update Credential |
| DELETE | /apiops/projects/{projectName}/credentials/{username}/ | IDENTITY | MANAGE | Delete Credential |
| PUT | /apiops/projects/{projectName}/credentials/{username}/access/ | IDENTITY | MANAGE | Grant Access |
| DELETE | /apiops/projects/{projectName}/credentials/{username}/access/ | IDENTITY | MANAGE | Revoke Access |

RLCL Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| POST | /apiops/projects/{projectName}/rlcl | IDENTITY | MANAGE | Create RLCL |
| PUT | /apiops/projects/{projectName}/rlcl/{rlclName}/ | IDENTITY | MANAGE | Update RLCL |
| DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/ | IDENTITY | MANAGE | Delete RLCL |
| POST/PUT/DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/credentials/ | IDENTITY | MANAGE | Manage Credentials |
| POST/PUT/DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/endpoints/ | IDENTITY | MANAGE | Manage Endpoints |
| POST/PUT/DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/condition/ | IDENTITY | MANAGE | Manage Conditions |

IP Group Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/ipGroups | - | Any permission | List IP Groups |
| GET | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ | - | Any permission | Get IP Group |
| POST | /apiops/projects/{projectName}/ipGroups | GLOBAL_SETTINGS | MANAGE | Create IP Group |
| PUT | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ | GLOBAL_SETTINGS | MANAGE | Update IP Group |
| DELETE | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ | GLOBAL_SETTINGS | MANAGE | Delete IP Group |
| POST/PUT/DELETE | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ips/ | GLOBAL_SETTINGS | MANAGE | Manage IPs |

Environment Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/environments/ | - | Admin/Analyzer Only | List All Environments |
| GET | /apiops/environments/{projectName} | - | Any permission | List Environments for Project |

Report Operations

| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/reports/api-proxies | - | Admin/Analyzer Only | API Report |
| GET | /apiops/reports/organization-api-data-model-access | - | Admin/Analyzer Only | Organization ACL Report |

Special Cases

Role-Based Controls

  • Geolocation Settings: Admin role required (role-based)
  • Reports: Admin or Analyzer role required (role-based)
  • Projects: Token only (no project-based permission check)
  • Test Endpoints: Healthcheck endpoint requires no authentication

Conditional Permission Checks

  • API Proxy Create/Update: If deployment is requested, additional DEPLOY_UNDEPLOY permission is required
  • Policy Operations: If deployment is requested, additional DEPLOY_UNDEPLOY permission is required
  • API Proxy Delete: Requires DEPLOY_UNDEPLOY permission for undeployment

Notes

  1. GET Methods: Detailed permission control is currently a technical debt. Currently uses hasAnyPermissionInProject (any permission in project).
  2. POST/PUT/DELETE/PATCH Methods: Uses hasPermissionInProject(user, category, action, projectId) for permission checks.
  3. Deployment Operations: Some operations (deploy, undeploy) require additional permission checks.
  4. Admin/Analyzer Roles: Some endpoints use role-based controls instead of category/action permissions.
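The permission rules above, written out as a small model for sizing the grants of the user behind an automation token (an added example, not Apinizer's implementation). The function names, the "READ" label for list/get calls and the ANY marker are assumptions; sysAdmin, Project Admin and the Admin/Analyzer role checks are not modelled.

```python
# Path segment -> permission category ("Permission Categories" on this page).
CATEGORY = {
    "apiProxies": "API_MANAGEMENT", "policies": "API_MANAGEMENT",
    "apiProxyGroups": "API_MANAGEMENT",
    "certificates": "SECRETS", "keys": "SECRETS", "keystores": "SECRETS",
    "jwks": "SECRETS", "environmentVariables": "SECRETS",
    "credentials": "IDENTITY", "rlcl": "IDENTITY",
    "connections": "CONNECTIONS", "ipGroups": "GLOBAL_SETTINGS",
}
# Operation -> action ("Asset Category and Action Mapping").
ACTION = {
    "CREATE": "MANAGE", "UPDATE": "MANAGE", "DELETE": "MANAGE",
    "DEPLOY": "DEPLOY_UNDEPLOY", "UNDEPLOY": "DEPLOY_UNDEPLOY",
    "EXPORT": "EXPORT_IMPORT", "IMPORT": "EXPORT_IMPORT",
}
ANY = ("*", "ANY")  # stands for hasAnyPermissionInProject on list/get calls


def required(resource, operation, deploy=False):
    """Set of (category, action) pairs one call needs; 'READ' is list/get."""
    if operation == "READ":
        return {ANY}
    category = CATEGORY[resource]
    needs = {(category, ACTION[operation])}
    # Conditional checks: the deploy flag on policy operations and on API proxy
    # create/update/import-with-override; proxy delete always undeploys.
    takes_deploy = resource == "policies" or (
        resource == "apiProxies" and operation in ("CREATE", "UPDATE", "IMPORT"))
    if (deploy and takes_deploy) or (resource, operation) == ("apiProxies", "DELETE"):
        needs.add((category, "DEPLOY_UNDEPLOY"))
    return needs


def allowed(granted, resource, operation, deploy=False):
    """Would a user holding `granted` in the project pass the check?"""
    needs = required(resource, operation, deploy)
    if needs == {ANY}:
        return bool(granted)  # any single permission in the project suffices
    return needs <= set(granted)


def minimal_grant(calls):
    """Smallest grant covering planned (resource, operation, deploy) calls."""
    grant = set()
    for call in calls:
        grant |= required(*call)
    # A real permission already satisfies ANY; keep ANY only if nothing else is needed.
    return (grant - {ANY}) or {ANY}
```

Because list/get calls pass with any permission in the project, `allowed({("CONNECTIONS", "MANAGE")}, "keys", "READ")` is true in this model, which is worth keeping in mind when deciding which users hold any grant in a project that stores keys or certificates.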

Troubleshooting

401 Unauthorized

  • Verify the token is correct (no extra spaces)
  • Check if the token has expired
  • Ensure the token hasn’t been revoked
  • Verify the Authorization header format: Bearer {token}

Invalid Token Format

  • Ensure you’re using Bearer prefix (with space)
  • Check for typos in the token
  • Verify the token was copied completely

Next Steps