> Commvault SaaS > REST API > Access Tokens for REST APIs > End Users

Creating an Access Token and a Refresh Token - End Users

To execute REST APIs, add an access token. Creating an access token for scopes All, Custom, and Hyperscale also automatically generates a refresh token, which you will need to renew the access token after it expires.

After creating an access token, you can use it in your API requests as a Bearer Token.

Important

  • An access token functions like a password.

  • You must save both the access token and refresh token for your records and not share it with others.

  • If you lose the tokens, they cannot be retrieved.

  • You can add multiple tokens for your user account.

Procedure

  1. In the upper-right corner of the Command Center window, click your username, and then select Profile.

    The profile page appears.

  2. On the Access tokens tab, click Add token.

    The Add token dialog box appears.

  3. Enter the token's name, renewable until time or expiry date, and scope.

    By default, an access token expires after 30 minutes, and the scope is set to All including all api.commvault.com endpoints.

  4. To set a different scope, from the Scope list, select one of the following:

    • 1-Touch recovery: Executes the following 1-Touch APIs:

      • /Client

      • /MediaAgent

      • /ClientGroup

      • /V4/ServerGroup

      • /FirewallSummary

    • Hyperscale: Executes Hyperscale REST APIs.

    • Microsoft SCIM: Executes Microsoft Azure SCIM protocol REST APIs.

    • Custom: Executes specific APIs (for example, /Subclient).

      • Allowed endpoints: For a custom scope, specify the endpoints that you want to allow with this access token by entering each endpoint on a new line.

        For example, if you enter /plan, you can execute all plan operation REST APIs starting with /plan.

  5. To control from which IP addresses the access token must be allowed to execute REST APIs, do the following:

    1. Go to the IP allowlist section, click Edit.

      The Edit IP allowlist dialog box appears.

    2. Enter the IP addresses or CIDR range. You can enter the IP address in IPv4 or IPv6 format.

      Examples:

      • IPv4 format: 10.0.0.1
      • Single IPv6 format: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
      • IPv4 CIDR range: 1.1.1.0/24
      • IPV6 CIDR range: 2001:0db8:85a3::/64
      • IPv4 range: 1.1.1.0 – 1.1.1.25
      • IPv6 range: 2001:db8::1 - 2001:db8::ffff

    3. Click Save.

  6. Click Submit.

    An access token and a refresh token appear.

  7. Copy and save the tokens.

  8. Click Close.

Results

  • The access token is valid for 30 minutes.

  • After thirty minutes, use the Refresh token API to refresh the token according to the following rule:

    • For scopes All, Custom, and Hyperscale, by default, you can renew the token multiple times until 90 days after creation.

Page contents

×

Loading...