Access Tokens for REST APIs

You can execute Commvault REST API requests by inserting an access token in a Bearer Token header. You can use access tokens as an alternative to token-based authentication via the Authtoken request header.

You can create an access token in the Command Center and use it to execute API requests.

Alternatively, you can use the Create access token for the user API to create an access token.

If you are an administrator, you can modify or delete access tokens of other users in the Command Center.

Note

You cannot create an access token for another user.

Access Token Scope

You can create access tokens with the following scopes:

  • All: Executes all of the Commvault REST APIs.

  • Microsoft SCIM: Executes Microsoft Azure SCIM protocol REST APIs.

  • 1-Touch recovery: Executes the following 1-Touch APIs:

    • /Client

    • /MediaAgent

    • /ClientGroup

    • /V4/ServerGroup

    • /FirewallSummary

  • Custom: Executes specific APIs.

Refresh Tokens

A refresh token also appears when you create access tokens with the scope All and Custom. Use the refresh token to renew the access token after it expires.

Access Token Validity

  • For scopes All and Custom, by default, the access tokens are valid for 30 minutes after creation. Then, you can renew it using the refresh token for 14 days. You can renew the token multiple times until 90 days after creation. However, you can extend the time for multiple token renewals until 365 days.

  • For scope Microsoft SCIM, the default expiration period is 30 days. However, you can extend the expiration period to 365 days while creating the access token.

  • For scope 1-Touch recovery, the default expiration period is seven days. However, you can extend the expiration period to only 14 days while creating the access token.

Important

Access tokens created before 11.38 are valid till their expiry. However, starting 11.38, you must periodically renew the access tokens with the scope All and Custom. So, when you upgrade from older versions to 11.38, all the old tokens will be honored until their expiry. However, you cannot edit these tokens; instead, you can revoke and create new tokens for the same purpose.

For such access tokens, on the Edit token dialog box, the following message appears:

This token was upgraded from an older format and cannot be edited.

Loading...