
Create App & API Token

We use Apps to interact with M-Trust services. Apps are always associated with a Project and are used to manage permissions and transactions.

In short, you use the App as configuration within your own application to access M-Trust APIs and services.

Fundamentals

Please refer to the Apps and API Token Fundamentals to get a basic understanding of the concepts.

Create an App

To create an App, you need to be logged in to the M-Trust Console. Navigate to Apps within your Project and click on the Create App button.

A short flow guides you through creating an App.

App Name

First, specify a name for your App. The name should help you identify the App later on.

Create App - Step 1

Permissions

You can specify permissions for your App. These permissions determine what actions your application can perform when interacting with M-Trust APIs and services.

For example, an App might have permissions to read data from a certain Registry but not to write data to it.

These permissions are used to enforce security and ensure that each App can only perform the actions it needs to perform, and no more. This principle is often referred to as the principle of least privilege.

Create App - Step 2

Expiration

Together with your App, we create an API Token for you. This token is used in your implementation to authenticate against M-Trust services.

The API Token is valid for a limited time. You can specify the expiration time in the second step. In general, the shorter the expiration time, the more secure your solution is. However, you need to make sure that you recreate and replace the API Token before it expires.

Create App - Step 3

App created

After creating the App, we show you the API Token we created with the App. Make sure to copy the token and store it in a secure place. You will need it later on and we won't show it again. Don't worry, you can always create another API Token for your App.

caution

The API Token is highly sensitive. Make sure to store it in a secure place. If it gets compromised, delete the API Token and create a new one.

Create App - Step 4

For security reasons, store the downloaded API Token .txt file in a secure location.

Great, you just created an App. After creating an App, you are redirected to the App detail page.

App Details

You can review all associated API Tokens, permissions and settings of an App on the App details page.

API Tokens

As we mentioned before, your new App comes with a fresh API Token.

An API Token is used to obtain an access token, which is in turn used to access M-Trust APIs and services.

An App may have multiple active API Tokens. This allows you to create new API Tokens and replace existing ones for uninterrupted uptime of your solution. This is useful for rotating your API Tokens on a regular basis.

App Tokens

API Token Exchange

To refresh an API token programmatically, use the following endpoint. This avoids manual token updates when a token is nearing expiration: a secure backend can use its existing token to generate a new one.

Request

POST /api/token/v1/tokens/refresh/api-token

{
  "client_id": string,
  "grant_type": "token-exchange",
  "refresh_token": string,
  "scope": "openid"
}

  • client_id - The Id of the App this token is issued for.
  • grant_type - Specify the grant_type token-exchange for replacing the API Token.
  • refresh_token - The current API token you want to exchange.
  • scope - Specify openid as access permissions scope for replacing the API Token.

Response

If the token is valid, the response contains a newly issued API token. Ensure the token is securely stored.

{
  "token": {
    "name": string,
    "creationDate": timestamp,
    "expirationDate": timestamp
  },
  "value": string
}

  • token - Token metadata, including name, creation date, and expiration date.
  • value - The new API token.

caution

Refreshing the token automatically deactivates the previous one, making it unusable for any subsequent requests. Be sure to update your application with the new token immediately after receiving it to maintain uninterrupted access.
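
The exchange described above, as an added Python example (not M-Trust's own code): it sends the refresh request and writes the new token to disk atomically with owner-only permissions, because the previous token stops working once the refresh succeeds. The base URL, the Content-Type header, the token file path and all function names are assumptions; the page gives only the endpoint path and the body fields.

```python
import json
import os
import tempfile
import urllib.request

REFRESH_PATH = "/api/token/v1/tokens/refresh/api-token"  # endpoint path from the page

def build_refresh_request(base_url, client_id, current_token):
    """Build the POST shown above. base_url is a caller-supplied placeholder."""
    if not base_url.startswith("https://"):
        raise ValueError("the API token must only be sent over HTTPS")
    body = {
        "client_id": client_id,
        "grant_type": "token-exchange",
        "refresh_token": current_token,
        "scope": "openid",
    }
    return urllib.request.Request(
        base_url.rstrip("/") + REFRESH_PATH,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},  # assumption: JSON body
        method="POST",
    )

def store_token(path, value):
    """Replace the token file atomically; mkstemp creates it owner-only (0600)."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            f.write(value)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise

def rotate(base_url, client_id, token_path, send=urllib.request.urlopen):
    """Exchange the stored token and persist the new one before returning."""
    with open(token_path) as f:
        current = f.read().strip()
    with send(build_refresh_request(base_url, client_id, current)) as resp:
        payload = json.load(resp)
    new_value = payload.get("value")
    if not new_value:
        raise ValueError("no token value in response; stored token left untouched")
    store_token(token_path, new_value)
    return payload["token"]  # metadata only; the token value is never returned or logged
```

Schedule `rotate` well before the `expirationDate` in the returned metadata; an HTTP error raises before anything is written, so the stored token stays in place.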

In the next step we will use the API Token to obtain an access token.