Default

Create Token

post

Creates a new token. Certain options are only available when called by a root or sudo-capable token. If used with a role name in the path, the token will be created against the specified role name.

Body
id · string · Optional

Custom client token ID (root only). Cannot contain "." or start with "s.".

role_name · string · Optional

Name of the token role.

policies · string[] · Optional

Policies to assign to the token.

no_parent · boolean · Optional

If true, creates an orphan token. Requires root or sudo.

Default: false

no_default_policy · boolean · Optional

If true, excludes the default policy.

Default: false

renewable · boolean · Optional

Whether the token can be renewed.

Default: true

lease · string · Optional · Deprecated

Deprecated. Use ttl instead.

ttl · string · Optional

TTL (e.g., "1h").

type · string · enum · Optional

Token type.

Possible values:

explicit_max_ttl · string · Optional

Explicit max TTL that cannot be exceeded.

display_name · string · Optional

Display name for the token.

Default: token

num_uses · integer · Optional

Max number of uses. 0 means unlimited.

Default: 0

period · string · Optional

Periodic renewal interval. Requires root or sudo.

entity_alias · string · Optional

Entity alias to associate with (must be allowed in role).

Responses
200
Token created successfully
application/json
POST /v1/auth/token/create HTTP/1.1
Host: localhost:8200
Content-Type: application/json
Accept: */*
Content-Length: 80

{
  "policies": [
    "web",
    "stage"
  ],
  "meta": {
    "user": "armon"
  },
  "ttl": "1h",
  "renewable": true
}

{
  "request_id": "f00341c1-fad5-f6e6-13fd-235617f858a1",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "wrap_info": null,
  "warnings": [
    "Policy \"stage\" does not exist",
    "Policy \"web\" does not exist"
  ],
  "auth": {
    "client_token": "s.wOrq9dO9kzOcuvB06CMviJhZ",
    "accessor": "B6oixijqmeR4bsLOJH88Ska9",
    "policies": [
      "default",
      "stage",
      "web"
    ],
    "token_policies": [
      "default",
      "stage",
      "web"
    ],
    "metadata": {
      "user": "armon"
    },
    "lease_duration": 3600,
    "renewable": true,
    "entity_id": "",
    "token_type": "service",
    "orphan": false,
    "num_uses": 0
  }
}
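
The following Python is an added example, not part of the original API reference: it checks a create-token body against the field constraints listed above and reviews the response for the warnings and policy differences visible in the sample. The function names, the `caller` levels and the choice of which conditions to flag are assumptions of this example.

```python
# Added example: client-side checks around POST /v1/auth/token/create.
# Names are hypothetical; the rules come from the field descriptions above.
REQUIRES = {"id": {"root"}, "no_parent": {"root", "sudo"}, "period": {"root", "sudo"}}

def check_request(body, caller="normal"):
    """Return problems with a create-token body before it is sent."""
    problems = []
    token_id = body.get("id")
    if token_id is not None and ("." in token_id or token_id.startswith("s.")):
        problems.append('id must not contain "." or start with "s."')
    for field, allowed in REQUIRES.items():
        if body.get(field) and caller not in allowed:
            problems.append(f"{field} requires caller to be one of {sorted(allowed)}")
    if "lease" in body:
        problems.append("lease is deprecated; use ttl")
    return problems

def review_response(body, resp):
    """Return findings about the token the server actually issued."""
    findings = [f"warning: {w}" for w in resp.get("warnings") or []]
    auth = resp.get("auth") or {}
    extra = sorted(set(auth.get("policies", [])) - set(body.get("policies", [])))
    if extra:
        findings.append(f"policies not requested: {extra}")
    if auth.get("num_uses") == 0:
        findings.append("num_uses is 0 (unlimited uses)")
    if auth.get("renewable") and "explicit_max_ttl" not in body:
        findings.append("renewable with no explicit_max_ttl in the request")
    return findings

# Constructed sample data, abridged from the request and response on this page.
SAMPLE_REQUEST = {"policies": ["web", "stage"], "meta": {"user": "armon"},
                  "ttl": "1h", "renewable": True}
SAMPLE_RESPONSE = {
    "warnings": ['Policy "stage" does not exist', 'Policy "web" does not exist'],
    "auth": {"policies": ["default", "stage", "web"], "lease_duration": 3600,
             "renewable": True, "token_type": "service", "orphan": False,
             "num_uses": 0},
}

if __name__ == "__main__":
    for line in check_request(SAMPLE_REQUEST) + review_response(SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(line)
```

Run against the sample exchange, the request passes the pre-flight check, while the response review reports the two missing-policy warnings, the added default policy, unlimited uses and the absence of an explicit max TTL.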

Read the current configuration for the given MFA method

get
Path parameters
method_id · string · Required

The unique identifier for this MFA method.

Responses
200
Successfully retrieved Duo MFA configuration
application/json
Response · any
GET /v1/identity/mfa/method/duo/{method_id} HTTP/1.1
Host: localhost:8200
Accept: */*

{
  "method_id": "duo-primary",
  "method": "duo",
  "enabled": true,
  "integration_key": "DIXXXXXXXXXXXXXXXXXX",
  "api_hostname": "api-XXXXXXX.duosecurity.com",
  "description": "Primary Duo MFA config for admins"
}

Delete a configuration for the given MFA method

delete
Path parameters
method_id · string · Required

The unique identifier for this MFA method.

Responses
204
Successfully deleted. No content returned.
DELETE /v1/identity/mfa/method/duo/{method_id} HTTP/1.1
Host: localhost:8200
Accept: */*

No content

Retrieve the configuration of the specified Duo MFA method.

get

This operation retrieves the configuration details of the Duo MFA method identified by the name parameter.

Path parameters
name · string · Required

The name of the Duo MFA method configuration.

Responses
200
Successfully retrieved the Duo MFA method configuration.
application/json
Response · any
GET /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Accept: */*

{
  "name": "duo",
  "type": "duo",
  "details": {
    "integration_key": "integration_key_value",
    "secret_key": "secret_key_value"
  }
}

Modify the specified Duo MFA method configuration.

post

This operation modifies the configuration of the Duo MFA method identified by the name parameter. It requires the user to provide the new configuration details in the request body.

Path parameters
name · string · Required

The name of the Duo MFA method configuration.

Body
any · Optional
Responses
200
Successfully updated the Duo MFA method configuration.
POST /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Content-Type: application/json
Accept: */*
Content-Length: 109

{
  "name": "duo",
  "type": "duo",
  "details": {
    "integration_key": "new_integration_key",
    "secret_key": "new_secret_key"
  }
}

No content

Delete the specified Duo MFA method.

delete

This operation deletes the Duo MFA method configuration identified by the name parameter.

Path parameters
name · string · Required

The name of the Duo MFA method configuration.

Responses
204
Successfully deleted the Duo MFA method configuration. The body is empty.
DELETE /v1/sys/mfa/method/duo/{name} HTTP/1.1
Host: localhost:8200
Accept: */*

No content

Lock the API at a specific namespace path.

post
Path parameters
path · string · Required
Body
Responses
200
OK
application/json
POST /v1/sys/namespaces/api-lock/lock/{path} HTTP/1.1
Host: localhost:8200
Accept: */*

{
  "success": true
}
