+ },
+ {
+ "children" : [
+ {
+ "info" : {
+ "DELETE" : {
+ "allowtoken" : 1,
+ "description" : "Remove API token for a specific user.",
+ "method" : "DELETE",
+ "name" : "remove_token",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "tokenid" : {
+ "description" : "User-specific token identifier.",
+ "pattern" : "(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)",
+ "type" : "string"
+ },
+ "userid" : {
+ "description" : "User ID",
+ "format" : "pve-userid",
+ "maxLength" : 64,
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "check" : [
+ "or",
+ [
+ "userid-param",
+ "self"
+ ],
+ [
+ "perm",
+ "/access/users/{userid}",
+ [
+ "User.Modify"
+ ]
+ ]
+ ]
+ },
+ "protected" : 1,
+ "returns" : {
+ "type" : "null"
+ }
+ },
+ "GET" : {
+ "allowtoken" : 1,
+ "description" : "Get specific API token information.",
+ "method" : "GET",
+ "name" : "read_token",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "tokenid" : {
+ "description" : "User-specific token identifier.",
+ "pattern" : "(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)",
+ "type" : "string"
+ },
+ "userid" : {
+ "description" : "User ID",
+ "format" : "pve-userid",
+ "maxLength" : 64,
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "check" : [
+ "or",
+ [
+ "userid-param",
+ "self"
+ ],
+ [
+ "perm",
+ "/access/users/{userid}",
+ [
+ "User.Modify"
+ ]
+ ]
+ ]
+ },
+ "returns" : {
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean"
+ }
+ },
+ "type" : "object"
+ }
+ },
+ "POST" : {
+ "allowtoken" : 1,
+ "description" : "Generate a new API token for a specific user. NOTE: returns API token value, which needs to be stored as it cannot be retrieved afterwards!",
+ "method" : "POST",
+ "name" : "generate_token",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer",
+ "typetext" : "<integer> (0 - N)"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean",
+ "typetext" : "<boolean>"
+ },
+ "tokenid" : {
+ "description" : "User-specific token identifier.",
+ "pattern" : "(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)",
+ "type" : "string"
+ },
+ "userid" : {
+ "description" : "User ID",
+ "format" : "pve-userid",
+ "maxLength" : 64,
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "check" : [
+ "or",
+ [
+ "userid-param",
+ "self"
+ ],
+ [
+ "perm",
+ "/access/users/{userid}",
+ [
+ "User.Modify"
+ ]
+ ]
+ ]
+ },
+ "protected" : 1,
+ "returns" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "full-tokenid" : {
+ "description" : "The full token id.",
+ "format_description" : "<userid>!<tokenid>",
+ "type" : "string"
+ },
+ "info" : {
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean"
+ }
+ },
+ "type" : "object"
+ },
+ "value" : {
+ "description" : "API token value used for authentication.",
+ "type" : "string"
+ }
+ },
+ "type" : "object"
+ }
+ },
+ "PUT" : {
+ "allowtoken" : 1,
+ "description" : "Update API token for a specific user.",
+ "method" : "PUT",
+ "name" : "update_token_info",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer",
+ "typetext" : "<integer> (0 - N)"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean",
+ "typetext" : "<boolean>"
+ },
+ "tokenid" : {
+ "description" : "User-specific token identifier.",
+ "pattern" : "(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)",
+ "type" : "string"
+ },
+ "userid" : {
+ "description" : "User ID",
+ "format" : "pve-userid",
+ "maxLength" : 64,
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "check" : [
+ "or",
+ [
+ "userid-param",
+ "self"
+ ],
+ [
+ "perm",
+ "/access/users/{userid}",
+ [
+ "User.Modify"
+ ]
+ ]
+ ]
+ },
+ "protected" : 1,
+ "returns" : {
+ "description" : "Updated token information.",
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean"
+ }
+ },
+ "type" : "object"
+ }
+ }
+ },
+ "leaf" : 1,
+ "path" : "/access/users/{userid}/token/{tokenid}",
+ "text" : "{tokenid}"
+ }
+ ],
+ "info" : {
+ "GET" : {
+ "allowtoken" : 1,
+ "description" : "Get user API tokens.",
+ "method" : "GET",
+ "name" : "token_index",
+ "parameters" : {
+ "additionalProperties" : 0,
+ "properties" : {
+ "userid" : {
+ "description" : "User ID",
+ "format" : "pve-userid",
+ "maxLength" : 64,
+ "type" : "string",
+ "typetext" : "<string>"
+ }
+ }
+ },
+ "permissions" : {
+ "check" : [
+ "or",
+ [
+ "userid-param",
+ "self"
+ ],
+ [
+ "perm",
+ "/access/users/{userid}",
+ [
+ "User.Modify"
+ ]
+ ]
+ ]
+ },
+ "returns" : {
+ "items" : {
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean"
+ },
+ "tokenid" : {
+ "description" : "User-specific token identifier.",
+ "pattern" : "(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)",
+ "type" : "string"
+ }
+ },
+ "type" : "object"
+ },
+ "links" : [
+ {
+ "href" : "{tokenid}",
+ "rel" : "child"
+ }
+ ],
+ "type" : "array"
+ }
+ }
+ },
+ "leaf" : 0,
+ "path" : "/access/users/{userid}/token",
+ "text" : "token"