Default | Virtual HSM

Create Token

post

Creates a new token. Certain options are only available when called by a root or sudo-capable token. If used with a role name in the path, the token will be created against the specified role name.

Body

idstringOptional

Custom client token ID (root only). Cannot contain "." or start with "s.".

role_namestringOptional

Name of the token role.

policiesstring[]Optional

Policies to assign to the token.

no_parentbooleanOptional

If true, creates an orphan token. Requires root or sudo.

Default: false

no_default_policybooleanOptional

If true, excludes the default policy.

Default: false

renewablebooleanOptional

Whether the token can be renewed.

Default: true

leasestringOptionalDeprecated

Deprecated. Use ttl instead.

ttlstringOptional

TTL (e.g., "1h").

typestring · enumOptional

Token type.

Possible values:

explicit_max_ttlstringOptional

Explicit max TTL that cannot be exceeded.

display_namestringOptional

Display name for the token.

Default: token

num_usesintegerOptional

Max number of uses. 0 means unlimited.

Default: 0

periodstringOptional

Periodic renewal interval. Requires root or sudo.

entity_aliasstringOptional

Entity alias to associate with (must be allowed in role).

Responses

200

Token created successfully

application/json

400

Bad Request – The input is malformed or missing required fields.

application/json

403

Forbidden – The requester's token lacks sufficient privileges

application/json

post

POST /v1/auth/token/create HTTP/1.1
Host: localhost:8200
Content-Type: application/json
Accept: */*
Content-Length: 80

{
  "policies": [
    "web",
    "stage"
  ],
  "meta": {
    "user": "armon"
  },
  "ttl": "1h",
  "renewable": true
}

{
  "request_id": "f00341c1-fad5-f6e6-13fd-235617f858a1",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "wrap_info": null,
  "warnings": [
    "Policy \"stage\" does not exist",
    "Policy \"web\" does not exist"
  ],
  "auth": {
    "client_token": "s.wOrq9dO9kzOcuvB06CMviJhZ",
    "accessor": "B6oixijqmeR4bsLOJH88Ska9",
    "policies": [
      "default",
      "stage",
      "web"
    ],
    "token_policies": [
      "default",
      "stage",
      "web"
    ],
    "metadata": {
      "user": "armon"
    },
    "lease_duration": 3600,
    "renewable": true,
    "entity_id": "",
    "token_type": "service",
    "orphan": false,
    "num_uses": 0
  }
}

Read the current configuration for the given MFA method

get

Path parameters

method_idstringRequired

The unique identifier for this MFA method.

Responses

200

Successfully retrieved Duo MFA configuration

application/json

Responseany

400

Bad Request – Invalid method ID format.

application/json

403

Forbidden – Access denied to this configuration.

application/json

500

Internal Server Error

application/json

Delete a configuration for the given MFA method

delete

Path parameters

method_idstringRequired

The unique identifier for this MFA method.

Responses

204

Successfully deleted. No content returned.

400

Bad Request – Invalid method ID format.

application/json

403

Forbidden – Insufficient permissions.

application/json

500

Internal Server Error

application/json

delete

DELETE /v1/identity/mfa/method/duo/{method_id} HTTP/1.1
Host: localhost:8200
Accept: */*

No content

Retrieve the configuration of the specified Duo MFA method.

get

This operation retrieves the configuration details of the Duo MFA method identified by the name parameter.

Path parameters

namestringRequired

The name of the Duo MFA method configuration.

Responses

200

Successfully retrieved the Duo MFA method configuration.

application/json

Responseany

404

The specified Duo MFA method configuration was not found.

application/json

500

Internal server error while retrieving the Duo MFA method configuration.

application/json

get

GET /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Accept: */*

{
  "name": "duo",
  "type": "duo",
  "details": {
    "integration_key": "integration_key_value",
    "secret_key": "secret_key_value"
  }
}

Modify the specified Duo MFA method configuration.

post

This operation modifies the configuration of the Duo MFA method identified by the name parameter. It requires the user to provide the new configuration details in the request body.

Path parameters

namestringRequired

The name of the Duo MFA method configuration.

Body

anyOptional

Responses

200

Successfully updated the Duo MFA method configuration.

400

Bad request. The provided configuration is invalid.

application/json

404

The specified Duo MFA method configuration was not found.

application/json

500

Internal server error while modifying the Duo MFA method configuration.

application/json

post

POST /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Content-Type: application/json
Accept: */*
Content-Length: 109

{
  "name": "duo",
  "type": "duo",
  "details": {
    "integration_key": "new_integration_key",
    "secret_key": "new_secret_key"
  }
}

No content

Delete the specified Duo MFA method.

delete

This operation deletes the Duo MFA method configuration identified by the name parameter.

Path parameters

namestringRequired

The name of the Duo MFA method configuration.

Responses

204

Successfully deleted the Duo MFA method configuration. The body is empty.

400

Bad request. The `name` parameter is invalid.

application/json

404

The specified Duo MFA method configuration was not found.

application/json

500

Internal server error while deleting the Duo MFA method configuration.

application/json

delete

DELETE /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Accept: */*

No content

Lock the API at a specific namespace path.

post

Path parameters

pathstringRequired

Body

Responses

200

OK

application/json

400

Bad Request

application/json

500

Internal Server Error

application/json

post

POST /v1/sys/namespaces/api-lock/lock/{path} HTTP/1.1
Host: localhost:8200
Accept: */*

{
  "success": true
}