In the RUM Console in DC RUM 2017, you can create public API tokens, so that other systems can query the REST API without needing to authenticate using a username and password. There's an application which I want to give an API token to, so it can get performance data. When I go to create a token, it says that the owner is me. Does this mean that anyone with the token could do what I can do? This would be bad, as I'm a System Administrator.
I want to instead assign the token to the service account that's been provided by the application. How would I go about changing the owner in this case? The API tokens documentation doesn't provide much insight.
Solved! Go to Solution.
In 2017 the tokens were just added as a new feature. In 2018 with the enforcement of a "Public API" role, the capabilities of tokens will be limited to the information available in the DMI REST API. That means that with the 2018 release you can have the application you have mentioned access the performance data with the use of a Public API token.
That application in 2018 will have only access to the DMI REST API. In the future, we tend to make the access more granular. That is why the information about the author is important. In 2018 the information about the owner is needed so that we can see if the user creating the token has appropriate permissions to access the Public API.
Hope that helps!