Tokens

This endpoint allows you to perform actions on a specific Token of your Integration.

Token Scopes

To define what a token can access, you must assign it specific Scopes. Each scope grants permission for a particular action or set of data.

Principle of Least Privilege: Always grant only the scopes necessary for the specific integration. For example, a logging integration should only have *-logs.read scopes.

Click to expand the full list of Scopes

Scope

Description

Members

members.create

Create (invite) a new team member

members.read

Read a specific team member detail

members.read-all

List all team members

members.update

Update a team member

members.delete

Delete a team member

members.disconnect

Disconnect a team member’s active VPN session

Groups

groups.create

Create a new member group

groups.read

Read a specific member group detail

groups.read-all

List all member groups

groups.update

Update a member group

groups.delete

Delete a member group

Systems

systems.create

Create a new system

systems.read

Read a specific system detail

systems.read-all

List all systems

systems.update

Update a system

systems.delete

Delete a system

System Groups

system-groups.create

Create a new system group

system-groups.read

Read a specific system group detail

system-groups.read-all

List all system groups

system-groups.update

Update a system group

system-groups.delete

Delete a system group

Access Cards

access-cards.create

Create a new access card

access-cards.read

Read a specific access card detail

access-card.read-all

List all access cards

access-cards.update

Update an access card

access-cards.delete

Delete an access card

Relations

member-group-relation.add

Add a member to a group

member-group-relation.delete

Remove a member from a group

member-ac-relation.add

Add a member to an access card

member-ac-relation.delete

Remove a member from an access card

group-access-card-relation.add

Assign an access card to a member group

group-access-card-relation.delete

Remove an access card from a member group

system-system-group-relation.add

Add a system to a system group

system-system-group-relation.delete

Remove a system from a system group

system-ac-relation.add

Add a system to an access card

system-ac-relation.delete

Remove a system from an access card

system-group-access-card-relation.add

Assign an access card to a system group

system-group-access-card-relation.delete

Remove an access card from a system group

Gateways

gateways.read

Read a specific gateway detail

gateway.read-all

List all gateways

Devices

devices.read

Read a specific device detail

devices.read-all

List all devices

devices.delete

Delete a device

Tokens

token.create

Create a new API token

token.read

Read a specific API token detail

token.read-all

List all API tokens

token.delete

Delete an API token

Logs

gateway-log.read

Read gateway-level logs

system-logs.read

Read system-level logs

threat-blocker-logs.read

Read threat blocker logs

device-posture-check-logs.read

Read device posture check logs

admin-logs.read

Read admin activity / audit logs

Fetch All Tokens

get

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Responses

200

application/json

Responseobject

get

/api/v1/tokens

GET /api/v1/tokens HTTP/1.1
Host: integration.goodaccess.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

[
  {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "name": "My Integration Token",
    "expires_at": "2025-12-31 23:59:59",
    "token": "a1b2c3d4-********-********-********-********-********",
    "last_used_at": "2024-08-15 10:30:00",
    "allowed_ips": [
      "192.168.1.1"
    ],
    "allowed_scopes": [
      "systems.read"
    ]
  }
]

Fetch Token by its ID

get

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

tokenIdstringRequired

UUID of the token

Responses

200

application/json

Responseobject

404

Not Found

application/json

get

/api/v1/token/{tokenId}

GET /api/v1/token/{tokenId} HTTP/1.1
Host: integration.goodaccess.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "name": "My Integration Token",
  "expires_at": "2025-12-31 23:59:59",
  "token": "a1b2c3d4-********-********-********-********-********",
  "last_used_at": "2024-08-15 10:30:00",
  "allowed_ips": [
    "192.168.1.1"
  ],
  "allowed_scopes": [
    "systems.read"
  ]
}

Create a new Token

post

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

namestringOptional

Name of the token

expires_atstringOptional

Expiration date of the token (format 'Y-m-d H:i:s')

allowed_ipsstring[]Optional

List of IP addresses allowed to use this token. If empty, all IPs are allowed.

Responses

200

application/json

objectOptional

400

Validation Error

application/json

post

/api/v1/token

POST /api/v1/token HTTP/1.1
Host: integration.goodaccess.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1261

{
  "name": "My Integration Token",
  "expires_at": "2025-12-31 23:59:59",
  "allowed_ips": [
    "192.168.1.1"
  ],
  "allowed_scopes": [
    "token.create",
    "token.read",
    "token.delete",
    "token.read-all",
    "members.disconnect",
    "device-posture-check-logs.read",
    "threat-blocker-logs.read",
    "admin-logs.read",
    "devices.read-all",
    "devices.delete",
    "devices.read",
    "group-access-card-relation.delete",
    "group-access-card-relation.add",
    "member-group-relation.delete",
    "member-group-relation.add",
    "system-group-access-card-relation.delete",
    "system-group-access-card-relation.add",
    "system-system-group-relation.delete",
    "system-system-group-relation.add",
    "system-ac-relation.delete",
    "system-ac-relation.add",
    "member-ac-relation.delete",
    "member-ac-relation.add",
    "groups.read-all",
    "system-groups.read-all",
    "access-card.read-all",
    "gateway.read-all",
    "system.read-all",
    "gateway-log.read",
    "members.read-all",
    "system-groups.delete",
    "system-groups.update",
    "system-groups.read",
    "system-groups.create",
    "groups.delete",
    "groups.update",
    "groups.read",
    "groups.create",
    "systems.delete",
    "systems.update",
    "systems.read",
    "systems.create",
    "system-logs.read",
    "access-cards.delete",
    "access-cards.update",
    "access-cards.read",
    "access-cards.create",
    "gateways.read",
    "members.delete",
    "members.update",
    "members.read",
    "members.create"
  ]
}

{
  "message": "Token has been successfully created",
  "created_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "token": "a1b2c3d4-e5f67890-abcd1234-ef567890-abcd1234-ef567890"
}

Revoke Token by its ID

delete

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

tokenIdstringRequired

UUID of the token to revoke

Responses

200

application/json

objectOptional

404

Not Found

application/json

delete

/api/v1/token/{tokenId}

DELETE /api/v1/token/{tokenId} HTTP/1.1
Host: integration.goodaccess.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "message": "Token has been successfully revoked"
}

PreviousDevices NextLogs

Last updated 24 days ago

Was this helpful?

hashtagToken Scopes

hashtagFetch All Tokens

hashtagFetch Token by its ID

hashtagCreate a new Token

hashtagRevoke Token by its ID

Token Scopes

Fetch All Tokens

Fetch Token by its ID

Create a new Token

Revoke Token by its ID