Generating API tokens on Patr
API tokens on Patr are generated with specific permissions, and a token can do only what those permissions allow. This lets you generate API tokens that have specific permissions on specific resources. If an API token is leaked, the attack surface is limited to the permissions granted on that token. Additionally, API tokens can be revoked at any time, minimizing the amount of time a leaked token is exposed. Unlike a password, each API token is unique to the platform, which prevents attackers from attempting to use the same token on multiple platforms.
Generating an API token on Patr
In order to generate an API token, click on your profile icon on the bottom right corner of the screen.
Here, you can navigate to the API Tokens tab to generate a new API Token.
Choosing the right permissions
In the API Tokens tab, click on the Create API Token button.
Enter the following values:
- Name: A user-friendly name to identify the token
- Allowed IPs: If you would like to restrict the API Token to be accessible from only certain IP addresses, you can enter those IPs here. You can also enter IP ranges that are allowed to use the token. Leaving this empty will mean that the API Token can be used from any IP address.
- Token Validity: If you would like the API Token to only be valid for a certain time range, you can enter the validity from and to here.
- Permissions: Choose the permissions that you would like the API Token to have. Your API Token will only have the permissions that you grant it, on those specific resources. You can assign granular permissions on specific resources for each API Token. Any action performed by an API Token generated by you will be done on your behalf.
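How these fields combine into an allow-or-deny decision, sketched as an added example (this is not Patr's own code). The TokenPolicy model, the check function, the resource and action names, and the sample addresses and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class TokenPolicy:
    """Hypothetical model of the form fields above; not Patr's data model."""
    name: str
    allowed_ips: list = field(default_factory=list)  # IPs or CIDR ranges
    valid_from: Optional[datetime] = None
    valid_to: Optional[datetime] = None
    permissions: dict = field(default_factory=dict)  # resource -> actions

def check(policy, source_ip, when, resource, action):
    """Return (allowed, reason) for one request made with the token."""
    # An empty allowlist places no restriction on the source address.
    if policy.allowed_ips:
        addr = ip_address(source_ip)
        nets = (ip_network(e, strict=False) for e in policy.allowed_ips)
        if not any(addr in net for net in nets):
            return False, "source IP not allowed"
    if policy.valid_from and when < policy.valid_from:
        return False, "token not yet valid"
    if policy.valid_to and when > policy.valid_to:
        return False, "token expired"
    # Only explicitly granted (resource, action) pairs pass.
    if action not in policy.permissions.get(resource, set()):
        return False, "permission not granted"
    return True, "ok"

# Constructed sample token: names, addresses and dates are illustrative.
CI_TOKEN = TokenPolicy(
    name="ci-image-pull",
    allowed_ips=["203.0.113.7", "198.51.100.0/24"],
    valid_from=datetime(2024, 1, 1, tzinfo=timezone.utc),
    valid_to=datetime(2024, 4, 1, tzinfo=timezone.utc),
    permissions={"registry/web-app": {"pull"}},
)

if __name__ == "__main__":
    feb = datetime(2024, 2, 1, tzinfo=timezone.utc)
    for ip, res, act in [("198.51.100.23", "registry/web-app", "pull"),
                         ("192.0.2.1", "registry/web-app", "pull"),
                         ("203.0.113.7", "registry/web-app", "push")]:
        print(ip, res, act, check(CI_TOKEN, ip, feb, res, act))
```

A token created with an empty Allowed IPs list and no validity range passes the first three checks from anywhere and at any time, so the permissions become the only limit on what a leaked copy can do.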
Using the API Token
The API Token generated can now be used across Patr, to pull images or to interact with the API. You can send the token in the Authorization header, and you will be authenticated with Patr. You can also store this API Token as a Secret on Patr for secure and reliable storage.
Further Reading
Storing Secrets on Patr
Creating a Deployment
Creating a Static Site