Web Services REST API Token

The Web Services REST API token is a value that identifies and authenticates a user when performing a call to the Web Services REST API. It is recommended that a user take the appropriate precautions to prevent this value from being disseminated. For example, a user should never leave a TCC session unattended.

Only users that have been granted API access may view or generate a unique Web Services REST API token. Your administrator may grant API access to your account by defining the set of HTTP methods that you will be allowed to perform.
Learn more.

View your Web Services REST API token from your profile.

If you suspect that a token value has been compromised, then you should perform the following steps:

1. Generate a new primary token.
2. Update any applications or scripts that rely on the old Web Services REST API token.
3. Distribute your applications or scripts to the appropriate entities and/or locations.
4. Delete the backup Web Services REST API token.

To generate a new primary token

1. Navigate to your profile by clicking View Profile from the user settings menu.

   

2. Click Edit.
3. Click Generate New Primary.
4. When prompted, confirm that a new primary token should be generated.
5. Click Save.
6. From your preferred email client, open the verification email and then follow the verification link. The current primary token will be set as a backup token.

To delete a backup token

1. Navigate to your profile by clicking View Profile from the user settings menu.

   

2. Click Edit.
3. Click Delete Backup.
4. When prompted, confirm that the backup token should be deleted.
5. Click Save.

Best Practices: Web Services REST API Token Security

Web Services REST API tokens should be treated like any other security credential or password. It is paramount to keep this type of token as secure as possible. We have observed incidents in which customers lost control of their Web Services REST API token and then experienced unauthorized access on their account.

The following precautions are recommended:

• Ensure that a Web Service REST API token is not shared within or outside of your organization. For example, they should not be inadvertently posted on an online support form.
• Periodically change your Web Service REST API token.

• Perform general administrative security tasks on a regular basis. These tasks include:

  • Remove old user accounts.
  • Change passwords on a regular basis.
  • Reminder users to use complex passwords.

• Administrative User(s) Only: Heed the following precautions:

  • Consider creating a dedicated user whose token will be used in your scripts or applications.
  • Periodically verify that only users with a genuine need to perform task automation are granted REST API access.
  • Limit the set of operations that an authorized user may perform to those required by their scripts or applications.

Edgecast CDN