Create Tokens

Creates one or more tokens which can be used to bootstrap host identity. Responds with a JSON document containing the tokens and their restrictions.

If the tokens are created with a CIDR restriction, Conjur will only accept them from the allowlisted IP ranges.

Permissions required

execute privilege on the Host Factory.

URI

 
POST /host_factory_tokens

Example with curl and jq

Suppose your account is myorg, your host factory is called hf-db, and you want to create two tokens, each of which is usable only from the local addresses 127.0.0.1 and 127.0.0.2, expiring at “2017-08-04T22:27:20+00:00”.

 
curl --request POST \
     --data-urlencode "expiration=2017-08-04T22:27:20+00:00" \
     --data-urlencode "host_factory=myorg:host_factory:hf-db" \
     --data-urlencode "count=2" \
     --data-urlencode "cidr[]=127.0.0.1" \
     --data-urlencode "cidr[]=127.0.0.2" \
     -H "$(conjur authn authenticate -H)" \
     https://eval.conjur.org/host_factory_tokens \
     | jq .
 
  • Curl will automatically encode your POST body if you use the --data-urlencode option. If your HTTP/REST client doesn’t support this feature, you can do it yourself.
  • In this example, the two provided addresses are logically ORed together and apply to both tokens. If you wanted each token to have a different CIDR restriction, you would make two API calls, each with count=1.
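The two notes above, worked as an added Python example that is not part of the Conjur documentation: it encodes the POST body without relying on curl, then checks a response entry against its expiration and its ORed CIDR list. The names build_token_request and token_usable are hypothetical, the sample response is constructed from the Response 200 body with a placeholder token, and treating a missing cidr list as unrestricted is an assumption; the check is a local pre-check, not Conjur's own enforcement.

```python
import ipaddress
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

# Constructed sample modelled on the Response 200 body; the token is a placeholder.
SAMPLE_RESPONSE = """[{"expiration": "2017-08-04T22:27:20+00:00",
  "cidr": ["127.0.0.1/32", "127.0.0.2/32"], "token": "<placeholder-token>"}]"""

def build_token_request(host_factory, expiration, count=1, cidrs=()):
    """Return the form-encoded body for POST /host_factory_tokens."""
    datetime.fromisoformat(expiration)      # ValueError if not an ISO 8601 datetime
    for cidr in cidrs:
        ipaddress.ip_network(cidr)          # ValueError on a malformed range or set host bits
    fields = [("expiration", expiration),
              ("host_factory", host_factory),
              ("count", str(count))]
    fields += [("cidr[]", cidr) for cidr in cidrs]   # one cidr[] pair per range
    # urlencode percent-encodes ':', '+', '[' and ']'. An unencoded '+' in the
    # UTC offset would be decoded as a space by a form parser.
    return urlencode(fields)

def token_usable(entry, source_ip, now):
    """Local pre-check of one response entry: unexpired and source IP allowlisted."""
    if now >= datetime.fromisoformat(entry["expiration"]):
        return False
    cidrs = entry.get("cidr") or []
    if not cidrs:
        return True   # assumption: no cidr list means no source restriction
    addr = ipaddress.ip_address(source_ip)
    # The ranges are ORed: a match on any one of them is enough.
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    print(build_token_request("myorg:host_factory:hf-db",
                              "2017-08-04T22:27:20+00:00", 2,
                              ["127.0.0.1", "127.0.0.2"]))
    entry = json.loads(SAMPLE_RESPONSE)[0]
    now = datetime(2017, 8, 1, tzinfo=timezone.utc)
    for ip in ("127.0.0.2", "127.0.0.3"):
        print(ip, token_usable(entry, ip, now))
```

Rejecting a range with host bits set (for example 10.0.0.1/8) before sending keeps an overly broad or mistyped allowlist from being submitted unnoticed.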

Request Body Parameters

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| expiration | ISO 8601 datetime string | Yes | Expiration date of the token. Example: 2017-08-04T22:27:20+00:00 |
| host_factory | String | Yes | Fully qualified Host Factory id. Example: myorg:host_factory:hf-db |
| count | Integer | No | Number of tokens to create. Example: 2. Default: 1 |
| cidr | Array | No | CIDR restriction(s) on token usage. Example: ["127.0.0.1","127.0.0.2"] |

Response

| Code | Description |
|---|---|
| 200 | Zero or more tokens were created and delivered in the response body |
| 403 | The authenticated user lacks the necessary privilege |
| 404 | Conjur did not find the specified Host Factory |
| 422 | A request parameter was missing or invalid |

Example URI

 
POST /host_factory_tokens

Response 200

Headers

 
Content-Type: application/json

Body

 
[
  {
    "expiration": "2017-08-04T22:27:20+00:00",
    "cidr": [
      "127.0.0.1/32",
      "127.0.0.2/32"
    ],
    "token": "281s2ag1g8s7gd2ezf6td3d619b52t9gaak3w8rj0p38124n384sq7x"
  },
  {
    "expiration": "2017-08-04T22:27:20+00:00",
    "cidr": [
      "127.0.0.1/32",
      "127.0.0.2/32"
    ],
    "token": "2c0vfj61pmah3efbgpcz2x9vzcy1ycskfkyqy0kgk1fv014880f4"
  }
]