Authentication
Overview
All Management API endpoints (except the test endpoint) require authentication using a Personal API Access Token. This token is used instead of username/password for API requests.
Obtaining a Token
There are two ways to obtain a Personal API Access Token:
- From Management Console (recommended for first-time setup)
- From Management API (for programmatic token creation)
Method 1: From Management Console
Access the Management Console with your credentials.
Click on the Quick Menu (user icon) → My Profile.
Scroll to the Personal API Access Tokens section.
Click Create API Token.
- Token Name: A descriptive name for your token
- Expiration: Choose expiration type
  - Never Expires: Token never expires
  - Select from Calendar: Choose a specific expiration date
Click Create and copy the token immediately - it will not be shown again.
Method 2: From Management API
Endpoint
POST /apiops/auth/token
Request
Headers
| Header | Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |
| Accept | application/json |
Request Body (URL Encoded)
| Parameter | Value | Description |
|---|---|---|
| grant_type | client_credentials | OAuth2 grant type |
| client_id | {username} | Your Apinizer username |
| client_secret | {password} | Your Apinizer password |
Response
Success Response (200 OK)
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600
}
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Bad credentials"
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/auth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept: application/json" \
-d "grant_type=client_credentials&client_id=your_username&client_secret=your_password"
Full JSON Body Example
{
"grant_type": "client_credentials",
"client_id": "your_username",
"client_secret": "your_password"
}
This endpoint uses application/x-www-form-urlencoded format, not JSON.
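The form-encoded token request and both response shapes shown above, as an added Python example (not Apinizer's own client code). The function names and the sample credentials are constructed for illustration; `urlencode` escapes characters such as `&`, `=` and `+` in a password, which a hand-built `-d` string does not.

```python
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/apiops/auth/token"  # endpoint documented on this page

def build_token_request(base_url, username, password):
    """Build (but do not send) the form-encoded POST for the token endpoint."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": username,
        "client_secret": password,  # percent-encoded, so '&' cannot split the field
    }).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def parse_token_response(status, raw_body):
    """Return the Authorization header value on 200; raise on the error shape."""
    doc = json.loads(raw_body)
    if status != 200 or "access_token" not in doc:
        raise PermissionError(f'{doc.get("error")}: {doc.get("error_description")}')
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    # Strip stray whitespace so the header is exactly "Bearer <token>".
    return "Bearer " + doc["access_token"].strip()

if __name__ == "__main__":
    # Constructed credentials; real ones belong in the environment or a secret store.
    req = build_token_request("https://demo.apinizer.com", "ci-user", "p&ss=w+rd")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Constructed 401 body in the shape shown above.
    try:
        parse_token_response(
            401, '{"error": "unauthorized_client", "error_description": "Bad credentials"}')
    except PermissionError as exc:
        print("rejected:", exc)
```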
Using the Token
Include the token in the Authorization header of all API requests:
Authorization: Bearer YOUR_TOKEN
Example Request
curl -X GET \
"https://demo.apinizer.com/apiops/projects/" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Token Security
- Never commit tokens to version control
- Store tokens securely (use environment variables or secret management)
- Rotate tokens regularly
- Revoke unused tokens from the Management Console
Token Expiration
- Tokens can be configured to never expire or expire at a specific date
- Expired tokens will return 401 Unauthorized responses
- Create a new token when your token expires
Revoking Tokens
Tokens can be revoked from the Management Console:
Go to My Profile → Personal API Access Tokens.
Locate the token you want to revoke.
Click Revoke. Once revoked, the token cannot be used for API requests.
Permissions
Tokens inherit the permissions of the user who created them. The Management API uses a project-based permission system with categories and actions.
For detailed information about the permission system, see Overview Details - Permissions.
Permission Categories
- API_MANAGEMENT: API Proxy, Policy, API Proxy Group, and Endpoint operations
- SECRETS: Certificate, Key, Keystore, JWK, and Environment Variable operations
- IDENTITY: Credential and RLCL operations
- CONNECTIONS: Connection operations
- GLOBAL_SETTINGS: IP Group operations
Permission Actions
- MANAGE: Full management access (create, update, delete)
- DEPLOY_UNDEPLOY: Deploy and undeploy operations
- EXPORT_IMPORT: Export and import operations
Special Permissions
- System Admin (sysAdmin): Required for certain administrative operations (reports, system-wide environment listing)
- Project Admin: For some operations, having project admin role is sufficient instead of specific category permissions
Permission Matrix
The following table provides a comprehensive overview of permissions required for each endpoint:
Permission Control System
GET Methods
- Permission Check: Uses hasAnyPermissionInProject
- Note: Detailed permission control is currently a technical debt
POST/PUT/DELETE/PATCH Methods
- Permission Check: Uses hasPermissionInProject(user, category, action, projectId)
- Asset Category and Action Mapping:
  - CREATE/UPDATE/DELETE → MANAGE
  - DEPLOY/UNDEPLOY → DEPLOY_UNDEPLOY
  - EXPORT/IMPORT → EXPORT_IMPORT
Endpoint Permission Matrix
API Proxy Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/apiProxies/ | - | Any permission | List API Proxies |
| POST | /apiops/projects/{projectName}/apiProxies/url/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Create from URL |
| PUT | /apiops/projects/{projectName}/apiProxies/url/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Update from URL |
| POST | /apiops/projects/{projectName}/apiProxies/file/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Create from File |
| PUT | /apiops/projects/{projectName}/apiProxies/file/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Update from File |
| DELETE | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/ | API_MANAGEMENT | MANAGE + DEPLOY_UNDEPLOY | Delete API Proxy |
| POST | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Deploy API Proxy |
| DELETE | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Undeploy API Proxy |
| GET | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/export/ | API_MANAGEMENT | EXPORT_IMPORT | Export API Proxy |
| POST | /apiops/projects/{projectName}/apiProxies/import/ | API_MANAGEMENT | EXPORT_IMPORT | Import API Proxy |
| PUT | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/import/ | API_MANAGEMENT | EXPORT_IMPORT (+ DEPLOY_UNDEPLOY if deploy) | Import with Override |
| PATCH | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/* | API_MANAGEMENT | MANAGE | Update Settings |
API Proxy Group Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/apiProxyGroups/ | - | Any permission | List API Proxy Groups |
| POST | /apiops/projects/{projectName}/apiProxyGroups/ | API_MANAGEMENT | MANAGE | Create API Proxy Group |
| PUT | /apiops/projects/{projectName}/apiProxyGroups/ | API_MANAGEMENT | MANAGE | Update API Proxy Group |
| DELETE | /apiops/projects/{projectName}/apiProxyGroups/{apiProxyGroupName}/ | API_MANAGEMENT | MANAGE | Delete API Proxy Group |
| POST | /apiops/projects/{projectName}/apiProxyGroups/{apiProxyGroupName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Deploy API Proxy Group |
| DELETE | /apiops/projects/{projectName}/apiProxyGroups/{apiProxyGroupName}/environments/{environmentName}/ | API_MANAGEMENT | DEPLOY_UNDEPLOY | Undeploy API Proxy Group |
Policy Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies | - | Any permission | List Policies |
| POST | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Add Policy |
| PUT | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Update Policy |
| DELETE | /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/ | API_MANAGEMENT | MANAGE (+ DEPLOY_UNDEPLOY if deploy) | Delete Policy |
Certificate Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/certificates/ | - | Any permission | List Certificates |
| GET | /apiops/projects/{projectName}/certificates/{certificateName}/ | - | Any permission | Get Certificate |
| POST | /apiops/projects/{projectName}/certificates/ | SECRETS | MANAGE | Create Certificate |
| PUT | /apiops/projects/{projectName}/certificates/{certificateName}/ | SECRETS | MANAGE | Update Certificate |
| DELETE | /apiops/projects/{projectName}/certificates/{certificateName}/ | SECRETS | MANAGE | Delete Certificate |
| GET | /apiops/projects/{projectName}/certificates/{certificateName}/export/ | SECRETS | EXPORT_IMPORT | Export Certificate |
Key Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/keys/ | - | Any permission | List Keys |
| GET | /apiops/projects/{projectName}/keys/{keyName}/ | - | Any permission | Get Key |
| POST | /apiops/projects/{projectName}/keys/ | SECRETS | MANAGE | Create Key |
| PUT | /apiops/projects/{projectName}/keys/{keyName}/ | SECRETS | MANAGE | Update Key |
| DELETE | /apiops/projects/{projectName}/keys/{keyName}/ | SECRETS | MANAGE | Delete Key |
Keystore Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/keystores/ | - | Any permission | List Keystores |
| GET | /apiops/projects/{projectName}/keystores/{keystoreName}/ | - | Any permission | Get Keystore |
| POST | /apiops/projects/{projectName}/keystores/ | SECRETS | MANAGE | Create Keystore |
| PUT | /apiops/projects/{projectName}/keystores/{keystoreName}/ | SECRETS | MANAGE | Update Keystore |
| DELETE | /apiops/projects/{projectName}/keystores/{keystoreName}/ | SECRETS | MANAGE | Delete Keystore |
JWK Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/jwks/ | - | Any permission | List JWKs |
| GET | /apiops/projects/{projectName}/jwks/{jwkName}/ | - | Any permission | Get JWK |
| POST | /apiops/projects/{projectName}/jwks/ | SECRETS | MANAGE | Create JWK |
| PUT | /apiops/projects/{projectName}/jwks/{jwkName}/ | SECRETS | MANAGE | Update JWK |
| DELETE | /apiops/projects/{projectName}/jwks/{jwkName}/ | SECRETS | MANAGE | Delete JWK |
| POST | /apiops/projects/{projectName}/jwks/generate | SECRETS | MANAGE | Generate JWK |
| POST | /apiops/projects/{projectName}/jwks/parse-from-* | SECRETS | MANAGE | Parse JWK from various sources |
Environment Variable Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/environmentVariables | - | Any permission | List Environment Variables |
| GET | /apiops/projects/{projectName}/environmentVariables/{name}/ | - | Any permission | Get Environment Variable |
| POST | /apiops/projects/{projectName}/environmentVariables/{name}/ | SECRETS | MANAGE | Create Environment Variable |
| PUT | /apiops/projects/{projectName}/environmentVariables/{name}/ | SECRETS | MANAGE | Update Environment Variable |
| DELETE | /apiops/projects/{projectName}/environmentVariables/{name}/ | SECRETS | MANAGE | Delete Environment Variable |
Connection Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/connections | - | Any permission | List Connections |
| GET | /apiops/projects/{projectName}/connections/{connectionName}/ | - | Any permission | Get Connection |
| POST | /apiops/projects/{projectName}/connections/{connectionName}/ | CONNECTIONS | MANAGE | Create Connection |
| PUT | /apiops/projects/{projectName}/connections/{connectionName}/ | CONNECTIONS | MANAGE | Update Connection |
| DELETE | /apiops/projects/{projectName}/connections/{connectionName}/ | CONNECTIONS | MANAGE | Delete Connection |
Credential Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/credentials/ | - | Any permission | List Credentials |
| POST | /apiops/projects/{projectName}/credentials/ | IDENTITY | MANAGE | Create Credential |
| PUT | /apiops/projects/{projectName}/credentials/ | IDENTITY | MANAGE | Update Credential |
| DELETE | /apiops/projects/{projectName}/credentials/{username}/ | IDENTITY | MANAGE | Delete Credential |
| PUT | /apiops/projects/{projectName}/credentials/{username}/access/ | IDENTITY | MANAGE | Grant Access |
| DELETE | /apiops/projects/{projectName}/credentials/{username}/access/ | IDENTITY | MANAGE | Revoke Access |
RLCL Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| POST | /apiops/projects/{projectName}/rlcl | IDENTITY | MANAGE | Create RLCL |
| PUT | /apiops/projects/{projectName}/rlcl/{rlclName}/ | IDENTITY | MANAGE | Update RLCL |
| DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/ | IDENTITY | MANAGE | Delete RLCL |
| POST/PUT/DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/credentials/ | IDENTITY | MANAGE | Manage Credentials |
| POST/PUT/DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/endpoints/ | IDENTITY | MANAGE | Manage Endpoints |
| POST/PUT/DELETE | /apiops/projects/{projectName}/rlcl/{rlclName}/condition/ | IDENTITY | MANAGE | Manage Conditions |
IP Group Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/projects/{projectName}/ipGroups | - | Any permission | List IP Groups |
| GET | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ | - | Any permission | Get IP Group |
| POST | /apiops/projects/{projectName}/ipGroups | GLOBAL_SETTINGS | MANAGE | Create IP Group |
| PUT | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ | GLOBAL_SETTINGS | MANAGE | Update IP Group |
| DELETE | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ | GLOBAL_SETTINGS | MANAGE | Delete IP Group |
| POST/PUT/DELETE | /apiops/projects/{projectName}/ipGroups/{ipGroupName}/ips/ | GLOBAL_SETTINGS | MANAGE | Manage IPs |
Environment Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/environments/ | - | Admin/Analyzer Only | List All Environments |
| GET | /apiops/environments/{projectName} | - | Any permission | List Environments for Project |
Report Operations
| HTTP Method | Endpoint | Category | Action | Notes |
|---|---|---|---|---|
| GET | /apiops/reports/api-proxies | - | Admin/Analyzer Only | API Report |
| GET | /apiops/reports/organization-api-data-model-access | - | Admin/Analyzer Only | Organization ACL Report |
Special Cases
Role-Based Controls
- Geolocation Settings: Admin role required (role-based)
- Reports: Admin or Analyzer role required (role-based)
- Projects: Token only (no project-based permission check)
- Test Endpoints: Healthcheck endpoint requires no authentication
Conditional Permission Checks
- API Proxy Create/Update: If deployment is requested, additional DEPLOY_UNDEPLOY permission is required
- Policy Operations: If deployment is requested, additional DEPLOY_UNDEPLOY permission is required
- API Proxy Delete: Requires DEPLOY_UNDEPLOY permission for undeployment
Notes
- GET Methods: Detailed permission control is currently a technical debt. Currently uses hasAnyPermissionInProject (any permission in project).
- POST/PUT/DELETE/PATCH Methods: Uses hasPermissionInProject(user, category, action, projectId) for permission checks.
- Deployment Operations: Some operations (deploy, undeploy) require additional permission checks.
- Admin/Analyzer Roles: Some endpoints use role-based controls instead of category/action permissions.
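To see what a token can reach before issuing it, the added Python sketch below models a subset of the matrix above, including the conditional DEPLOY_UNDEPLOY rule and the any-permission GET check; it is not Apinizer's implementation. `RULES`, `required`, `allowed`, `CI_GRANTS` and the project name `demo` are hypothetical, and Project Admin and role-based endpoints are not modelled.

```python
import re

# (methods, regex on the path after /apiops/projects/{projectName}/, category,
#  actions, deploy_adds) for a subset of the matrix above; first match wins.
RULES = [
    ({"GET"}, r"apiProxies/[^/]+/export/$", "API_MANAGEMENT", {"EXPORT_IMPORT"}, False),
    ({"GET"}, r"certificates/[^/]+/export/$", "SECRETS", {"EXPORT_IMPORT"}, False),
    ({"GET"}, r".*", None, set(), False),  # hasAnyPermissionInProject
    ({"POST", "PUT"}, r"apiProxies/(url|file)/$", "API_MANAGEMENT", {"MANAGE"}, True),
    ({"POST", "DELETE"}, r"apiProxies/[^/]+/environments/[^/]+/$",
     "API_MANAGEMENT", {"DEPLOY_UNDEPLOY"}, False),
    ({"POST", "PUT", "DELETE"}, r"apiProxies/[^/]+/policies/[^/]+/$",
     "API_MANAGEMENT", {"MANAGE"}, True),
    ({"DELETE"}, r"apiProxies/[^/]+/$", "API_MANAGEMENT",
     {"MANAGE", "DEPLOY_UNDEPLOY"}, False),
    ({"POST", "PUT", "DELETE"},
     r"(certificates|keys|keystores|jwks|environmentVariables)(/|$)",
     "SECRETS", {"MANAGE"}, False),
    ({"POST", "PUT", "DELETE"}, r"connections/", "CONNECTIONS", {"MANAGE"}, False),
    ({"POST", "PUT", "DELETE"}, r"(credentials|rlcl)(/|$)", "IDENTITY", {"MANAGE"}, False),
    ({"POST", "PUT", "DELETE"}, r"ipGroups(/|$)", "GLOBAL_SETTINGS", {"MANAGE"}, False),
]

def required(method, path, deploy=False):
    """Return (category, actions); category None means any permission in the project."""
    m = re.match(r"/apiops/projects/[^/]+/(.*)$", path)
    if not m:
        raise ValueError("not a project-scoped endpoint")
    for methods, pattern, category, actions, deploy_adds in RULES:
        if method in methods and re.match(pattern, m.group(1)):
            extra = {"DEPLOY_UNDEPLOY"} if deploy and deploy_adds else set()
            return category, actions | extra
    raise LookupError("endpoint not in the transcribed subset")

def allowed(grants, method, path, deploy=False):
    """grants: set of (category, action) pairs the token's user holds in the project."""
    category, actions = required(method, path, deploy)
    if category is None:
        return bool(grants)  # any single grant in the project is enough
    return all((category, action) in grants for action in actions)

# Constructed case: a CI user holding only CONNECTIONS:MANAGE in project "demo".
CI_GRANTS = {("CONNECTIONS", "MANAGE")}
BASE = "/apiops/projects/demo/"

if __name__ == "__main__":
    for method, suffix in [("GET", "keys/"), ("POST", "keys/"),
                           ("GET", "certificates/tls/export/")]:
        print(method, suffix, allowed(CI_GRANTS, method, BASE + suffix))
```

The first line of output is the one to review when scoping a user: a token whose user has any grant in the project passes the GET check on keys, keystores and certificates, while export and write calls still need the SECRETS category.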
Troubleshooting
401 Unauthorized
- Verify the token is correct (no extra spaces)
- Check if the token has expired
- Ensure the token hasn't been revoked
- Verify the Authorization header format: Bearer {token}
Invalid Token Format
- Ensure you're using Bearer prefix (with space)
- Check for typos in the token
- Verify the token was copied completely