From b17b5a5760968181c01eec8f3a03fffd262bb1e1 Mon Sep 17 00:00:00 2001 From: Mike Solomon Date: Mon, 24 Mar 2025 09:25:04 -0700 Subject: [PATCH] Update PAT docs with new permissions We changed PATs so they have the same permissions as your user and require you to login once every 14 days to continue working. All the docs have been updated to reflect that. --- .../how-to-guides/accessing-the-moderne-api.md | 4 ---- .../how-to-guides/create-api-access-tokens.md | 9 ++++----- .../moderne-platform/references/moderne-tokens.md | 8 +++++--- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/docs/user-documentation/moderne-platform/how-to-guides/accessing-the-moderne-api.md b/docs/user-documentation/moderne-platform/how-to-guides/accessing-the-moderne-api.md index 3ea8d135..13efc5d5 100644 --- a/docs/user-documentation/moderne-platform/how-to-guides/accessing-the-moderne-api.md +++ b/docs/user-documentation/moderne-platform/how-to-guides/accessing-the-moderne-api.md @@ -11,10 +11,6 @@ Moderne offers a GraphQL API for customers to interact with through the usage of In order to access the GraphQL API, you will need to [create a Moderne personal access token](create-api-access-tokens.md). -:::warning -Personal access tokens **do not** have the same permissions as your user account. Actions that require roles (such as deploying recipes or uploading LSTs) will fail as forbidden if attempted with an access token. -::: - ## GraphQL API Explorer To assist with the development of tools that access the Moderne APIs, Moderne offers an API explorer where you can manually create and run queries. diff --git a/docs/user-documentation/moderne-platform/how-to-guides/create-api-access-tokens.md b/docs/user-documentation/moderne-platform/how-to-guides/create-api-access-tokens.md index 349cc003..d591abf2 100644 --- a/docs/user-documentation/moderne-platform/how-to-guides/create-api-access-tokens.md +++ b/docs/user-documentation/moderne-platform/how-to-guides/create-api-access-tokens.md @@ -5,7 +5,9 @@ description: How to create a personal access token to use the CLI or the Moderne # Creating a personal access token -In order to use the [Moderne GraphQL API](https://api.app.moderne.io/), you will need to create a Personal Access Token. +In order to use the [Moderne GraphQL API](https://api.app.moderne.io/), you will need to create a Personal Access Token. These tokens have the same level of permissions as your account – meaning that if you are an admin, your tokens will have admin permissions. + +You **must** log in to the Moderne Platform every 14 days for your tokens to continue functioning. :::info If you want to learn how to use an access token, please go to the [Accessing the Moderne API doc](accessing-the-moderne-api.md). @@ -16,7 +18,6 @@ In this doc, you can find out: * [How to make a new access token](#how-to-make-an-access-token) * [How to view what access tokens already exist](#how-to-view-your-access-tokens) * [How to revoke access tokens you no longer want](#how-to-revoke-an-access-token) -* [Some limitations around these access tokens](#limitations) ## How to make an access token @@ -42,6 +43,7 @@ In this doc, you can find out: 4. In the text box that says `Enter token name`, enter a descriptive name for your token so that it can easily be distinguished from other tokens. + 5. Press the `generate` button. You should see something that looks like:
@@ -69,6 +71,3 @@ From the [access token](https://app.moderne.io/settings/access-token) page, clic
-## Limitations - -* Personal access tokens have the lowest level of permissions possible. They do not have the same permissions as your user account. For instance, actions that require a specific role (such as deploying a recipe or uploading an AST) will fail as forbidden if attempted with an access token. diff --git a/docs/user-documentation/moderne-platform/references/moderne-tokens.md b/docs/user-documentation/moderne-platform/references/moderne-tokens.md index 90109cf1..45db7a78 100644 --- a/docs/user-documentation/moderne-platform/references/moderne-tokens.md +++ b/docs/user-documentation/moderne-platform/references/moderne-tokens.md @@ -55,15 +55,17 @@ Personal access tokens are used to make queries against the [Moderne GraphQL API ### Permissions -These tokens **do not** have a role associated with them. That means that users can't do things like view agent configurations, delete repositories, or view the audit logs. These tokens are, effectively, the same thing as a [login token](#login-token) for users who are not admins. +Personal access tokens share the same permissions as your user. What this means is that, if you are an admin, any personal access token you create will have admin permissions. ### Expiration -Personal access tokens do not expire. [Please follow these instructions if you want to revoke them](../how-to-guides/create-api-access-tokens.md#how-to-revoke-an-access-token). +Personal access tokens do not expire. That being said, they **stop working** if you do not log in to the Moderne Platform for 14 days. Once you log in again after the 14 days, they will start working again. + +For instructions on how to revoke personal access tokens, please see our [managing personal access tokens doc](../how-to-guides/create-api-access-tokens.md#how-to-revoke-an-access-token) ### Further reading -For instructions on how to create, view, or revoke personal access tokens, please read the [Personal Access Token doc](../how-to-guides/create-api-access-tokens.md). +For instructions on how to create, view, or revoke personal access tokens, please read the [managing personal access tokens doc](../how-to-guides/create-api-access-tokens.md). ## Source Code Management (SCM) OAuth token