Manage Tokens
TANGO uses tokens to authenticate users and authorize access to resources.
If you are a TANGO administrator, you have the ability to create and manage access tokens for users of a workspace.
These tokens are a bit different from the user tokens obtained through the TANGO authentication process, as they are more customisable. In particular, you can specify the expiration time of the token. Moreover, these tokens can be invalidated at any time by the administrator, which is not possible with user tokens.
This is useful for managing access to resources in a more granular way, allowing you to control who can access what and for how long.
It is suggested to use the TANGO Dashboard hosted at https://auth.tango.u-hopper.com to perform these operations, as it provides a user-friendly interface for managing tokens.
API Token Management
API tokens can only be created through the TANGO dashboard, not by API calls. However, you can use the API to manage existing tokens: listing them, checking their status, revoking them and deleting them.
List API Tokens in a Workspace
GET /api/auth/workspace/{workspaceId}/token
Retrieves a list of all API tokens that have been created within a specific workspace.
- Requires bearer token authentication (bearerAuth).
Path Parameters
| Name | Type | Required | Description | Example |
|---|---|---|---|---|
| workspaceId | string | Yes | The ID of the workspace. | 1 |
Response Format
If successful, it returns an array of ApiTokenItemPayload objects. Note that the key itself is not returned for security reasons.
| Name | Type | Description |
|---|---|---|
| id | integer | The unique ID of the API token. |
| name | string | The human-readable name given to the token. |
| user_id | integer | The ID of the user who owns the token. |
| expiration_date | string | The date on which the token will expire. |
| last_used | string | The timestamp of when the token was last used. |
| created | string | The timestamp of when the token was created. |
Example Response
[
  {
    "id": 1,
    "name": "MyDataPipelineToken",
    "user_id": 4,
    "expiration_date": "2025-12-31",
    "last_used": "2025-01-16T10:12:52.051956Z",
    "created": "2025-01-16T10:12:52.051881Z",
    "is_active": true
  }
]
Get a Specific API Token
GET /api/auth/workspace/{workspaceId}/token/{tokenId}
Retrieves the details of a single API token by its ID.
- Requires bearer token authentication (bearerAuth).
Path Parameters
| Name | Type | Required | Description | Example |
|---|---|---|---|---|
| workspaceId | integer | Yes | The ID of the workspace. | 123 |
| tokenId | integer | Yes | The ID of the token to retrieve. | 1 |
Response Format
If successful, it returns the requested ApiTokenItemPayload object.
{
  "id": 1,
  "name": "MyDataPipelineToken",
  "user_id": 4,
  "expiration_date": "2025-12-31",
  "last_used": "2025-01-16T10:12:52.051956Z",
  "created": "2025-01-16T10:12:52.051881Z",
  "is_active": true
}
Update an API Token's State
PATCH /api/auth/workspace/{workspaceId}/token/{tokenId}
Updates the state of a specific API token, allowing it to be enabled or disabled. To disable a token and revoke its access, set is_active to false. To re-enable a previously disabled token, set is_active to true.
- Requires bearer token authentication (bearerAuth).
Path Parameters
| Name | Type | Required | Description | Example |
|---|---|---|---|---|
| workspaceId | integer | Yes | The ID of the workspace. | 123 |
| tokenId | integer | Yes | The ID of the token to update. | 1 |
Request Body
The body must contain the is_active boolean flag to set the desired state of the token.
| Name | Type | Required | Description |
|---|---|---|---|
| is_active | boolean | Yes | The desired state of the token (true for active, false for inactive). |
Example Request Body (to disable a token)
{
  "is_active": false
}
Response Format
A successful 200 OK response will be returned with the full, updated ApiTokenItemPayload object, reflecting the new is_active state.
{
  "id": 1,
  "name": "MyDataPipelineToken",
  "user_id": 4,
  "expiration_date": "2025-12-31",
  "last_used": "2025-01-16T10:12:52.051956Z",
  "created": "2025-01-16T10:12:52.051881Z",
  "is_active": false
}
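A token hygiene pass over the List response, followed by the PATCH request that disables a flagged token, as an added example that is not part of the TANGO documentation. The host in BASE_URL is a placeholder, the idle and lifetime thresholds are assumed policy values, the handling of a missing last_used is an assumption, and the sample rows are constructed.

```python
import json
import urllib.request
from datetime import date, datetime, timezone

BASE_URL = "https://tango.example.invalid"  # placeholder; the page does not give the API host

def parse_ts(value):  # timestamps on the page end in "Z"; normalise for fromisoformat
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_tokens(tokens, now, max_idle_days=90, max_lifetime_days=365):
    """Map token id -> reasons, for active tokens that break the (assumed) policy."""
    findings = {}
    for tok in tokens:
        if not tok["is_active"]:
            continue  # already disabled, nothing left to revoke
        created = parse_ts(tok["created"])
        # Assumption: a never-used token may lack last_used; fall back to created.
        last_used = parse_ts(tok.get("last_used") or tok["created"])
        expires = date.fromisoformat(tok["expiration_date"])
        reasons = []
        if expires < now.date():
            reasons.append("expired")   # past its date but still enabled
        if (expires - created.date()).days > max_lifetime_days:
            reasons.append("lifetime")  # issued with too long a validity window
        if (now - last_used).days > max_idle_days:
            reasons.append("idle")      # unused credential still accepted
        if reasons:
            findings[tok["id"]] = reasons
    return findings

def disable_request(workspace_id, token_id, admin_bearer):
    """Build, without sending, the PATCH that sets is_active to false."""
    url = f"{BASE_URL}/api/auth/workspace/{workspace_id}/token/{token_id}"
    headers = {"Authorization": f"Bearer {admin_bearer}", "Content-Type": "application/json"}
    body = json.dumps({"is_active": False}).encode()
    return urllib.request.Request(url, data=body, method="PATCH", headers=headers)

def row(i, exp, used, made, active=True):  # helper for the constructed sample rows
    return {"id": i, "name": f"sample-{i}", "user_id": 4, "expiration_date": exp,
            "last_used": used, "created": made, "is_active": active}

NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)  # fixed so the result is reproducible
SAMPLE = [  # constructed data in the shape of the List response
    row(1, "2025-12-31", "2025-01-16T10:12:52.051956Z", "2025-01-16T10:12:52.051881Z"),
    row(2, "2027-01-01", "2024-10-01T08:00:00Z", "2024-06-01T08:00:00Z"),
    row(3, "2025-02-01", "2025-01-30T00:00:00Z", "2025-01-01T00:00:00Z"),
    row(4, "2024-01-01", "2023-06-01T00:00:00Z", "2023-01-01T00:00:00Z", active=False),
]
```

Passing the result of disable_request to urllib.request.urlopen sends it; each id returned by audit_tokens(SAMPLE, NOW) is a candidate for that call.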
Delete an API Token
DELETE /api/auth/workspace/{workspaceId}/token/{tokenId}
Permanently deletes a specific API token. This action cannot be undone.
- Requires bearer token authentication (bearerAuth).
Path Parameters
| Name | Type | Required | Description | Example |
|---|---|---|---|---|
| workspaceId | integer | Yes | The ID of the workspace. | 123 |
| tokenId | integer | Yes | The ID of the token to delete. | 1 |
Response Format
A successful 204 No Content response will be returned with a confirmation message in the body.
{
  "message": "The API token has been deleted",
  "message_code": "ok"
}