Endpoint Permissions

Queries built using the Query Editor can be exposed for consumption by external applications or users via endpoints.

Permissions

To modify endpoint permissions, go to Endpoints > right-click on the [Endpoint] Actions menu > Permissions.

You can modify endpoint permissions for organization users, project groups, and service accounts.

Each of the above can be an:

  • Owner (create, view, edit, share, and delete)

  • Editor (view, edit, and share)

  • Reader (view)

Users

To add permissions for a user, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > Add Permissions > Users > search for user name.

To modify permissions for a user, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > click on the drop-down menu next to a [User] and select one of three available roles.

To remove permissions for a user, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > click on "X" next to a [User].

Groups

To add permissions for a group, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > Add Permissions > Groups > select [Group].

To modify permissions for a group, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > click on the drop-down menu next to a [Group] and select one of three available roles.

To remove permissions for a group, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > click on "X" next to a [Group].

Service Accounts

To add permissions for a service account, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > Add Permissions > Service Account > select [Service Account].

To modify permissions for a service account, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > click on the drop-down menu next to a [Service Account] and select one of three available roles.

To remove permissions for a service account, go to Endpoint > right-click on the [Endpoint] Actions menu > Permissions > click on "X" next to a [Service Account].

Access Tokens

Endpoints are secured with access tokens. Access tokens are used by organization users or service accounts that are given the appropriate permissions through the process as described above.

There are two types of access tokens:

  • Service Account Token

  • Personal Access Token

Both token types are treated the same way when assigning permissions to an endpoint.

Service Account Token

Service account tokens are bound to projects. They can be used by external consumers or applications.

To create an access token for a service account, create a service account and add the service account to a project.

To create a service account, go to Organization > Projects > [Project] > User Management> Service Accounts > Create Service Account. Adding a service account will generate an access token. Make sure to save the token since it is only displayed to you once.

To regenerate an access token for a service account, go to Organization > Projects > [Project] > User Management> Service Accounts > right-click on the [Service Account] Actions menu > Regenerate token.

To access an endpoint using a service account token, provide the token in the Authorize header of your request (see: Testing Endpoints).

Personal Access Token

Personal access tokens are bound to organization users. Every user can generate their own personal access tokens in order to make endpoints temporarily available (e.g., for test purposes or running a one-time script).

If a user is deleted, the personal access token is deleted as well.

To view a list of your personal access tokens, go to [Profile] > Personal Access Tokens.

To create a new personal access tokens, go to [Profile] > Personal Access Tokens > Create Access Token.

To regenerate a personal access token, go to [Profile] > Personal Access Tokens > right-click on the [Personal Access Token] Actions menu > Regenerate token.

To rename a personal access token, go to [Profile] > Personal Access Tokens > right-click on the [Personal Access Token] Actions menu > Rename.

To delete a personal access token, go to [Profile] > Personal Access Tokens > right-click on the [Personal Access Token] Actions menu > Delete.