Accessing tokens

Users with the organization administration role can view or revoke tokens for all users. Additionally, they can generate tokens for functional users only. Users with the developer role can view or revoke the tokens that they created. The Access tokens page displays tokens for personal and functional users.

About this task

To use the command-line interface (CLI) in Self Service, a secret in the form of an access token must be provided to the CLI configuration file. Functional and non-functional users use these access tokens to use the CLI. An advantage of using an access token is that you don't need to register with IBM Cloud before you use the CLI. For more information about functional users, see Creating functional users and assigning roles.

Procedure

  1. Open Self Service. For more information, see Accessing Self Service.
  2. Select the organization for which you want to generate access tokens.
  3. To open the Access tokens page, on the Organization home page, in the toolbar, click the User Actions icon. Then, click the Access tokens menu.
  4. To generate a token for your personal self service account, in the Personal tokens tab, click Generate token.
  5. To generate a token for a Self Service Functional user, in the Functional tokens tab, select the user and click Generate token.
    The Generate access token dialog opens.
  6. In the Display name field, enter the display name for the token.
  7. Click Generate.
    A token gets generated. Copy and save the token as you cannot retrieve the token secret again. For the CLI integration, add your token to the ssctl-config.json properties file.
  8. Click Finish.
  9. If you want to revoke any token, in the Access tokens tab, click Revoke. As an organization administrator, you can revoke access tokens for any user. However, as a developer, you can only revoke access tokens that you created. To revoke the access tokens from any developer or organization administrator, you must enter your IBMid email address to confirm your identity.