Fastly Authentication Tokens API

The Fastly Authentication Tokens API enables developers to create and manage API tokens used to authenticate requests to the Fastly API. Tokens can be scoped to specific services and permissions, allowing fine-grained access control for users and automated systems. The API supports creating user tokens, automation tokens for CI/CD pipelines, and managing token lifecycle including listing, revoking, and expiring tokens.

OpenAPI Specification

# OpenAPI description of Fastly's token-management endpoints: user tokens and
# automation tokens. Declared against OpenAPI 3.1.0.
openapi: 3.1.0
info:
  title: Fastly Authentication Tokens API
  description: >-
    The Fastly Authentication Tokens API enables developers to create and manage
    API tokens used to authenticate requests to the Fastly API. Tokens can be
    scoped to specific services and permissions, allowing fine-grained access
    control for users and automated systems. The API supports creating user
    tokens, automation tokens for CI/CD pipelines, and managing token lifecycle
    including listing, revoking, and expiring tokens.
  version: '1.0'
  contact:
    name: Fastly Support
    url: https://support.fastly.com
  termsOfService: https://www.fastly.com/terms
externalDocs:
  description: Fastly Authentication Tokens API Documentation
  url: https://www.fastly.com/documentation/reference/api/auth-tokens/
servers:
  # The only server listed uses https, so clients built from this file send
  # the Fastly-Key credential over TLS.
  - url: https://api.fastly.com
    description: Fastly API Production Server
tags:
  - name: Automation Tokens
    description: >-
      Operations for managing automation tokens used by non-human clients
      such as CI/CD pipelines and build systems.
  - name: User Tokens
    description: >-
      Operations for managing user API tokens that authenticate requests
      to the Fastly API on behalf of a specific user.
# Global requirement: no operation in this file declares its own `security`,
# so every operation requires the apiKeyAuth scheme (Fastly-Key header).
security:
  - apiKeyAuth: []
paths:
  # User-token collection: list the caller's tokens (GET) or create one (POST).
  /tokens:
    get:
      operationId: listTokens
      summary: List API tokens
      description: >-
        Retrieves a list of all API tokens associated with the authenticated
        user.
      tags:
        - User Tokens
      responses:
        '200':
          description: Successfully retrieved the list of tokens.
          content:
            application/json:
              schema:
                type: array
                # Items reuse the Token schema, whose access_token property is
                # documented as "Only returned on creation", so list results
                # are presumably metadata only. Confirm against the live API.
                items:
                  $ref: '#/components/schemas/Token'
        '401':
          description: Unauthorized. The API token is missing or invalid.
    post:
      operationId: createToken
      summary: Create an API token
      description: >-
        Creates a new API token for the authenticated user. Tokens can be
        scoped to specific services and permissions.
      tags:
        - User Tokens
      requestBody:
        required: true
        content:
          # Form-encoded body; the automation-token create call in this file
          # takes JSON instead.
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
                - name
                - scope
              properties:
                name:
                  type: string
                  description: >-
                    The name of the token.
                # Free-form string with no enum or pattern, so this spec
                # cannot reject an unknown or overly broad scope. Review the
                # requested scopes for least privilege at the call site.
                scope:
                  type: string
                  description: >-
                    A space-delimited list of authorization scopes.
                # Optional. NOTE(review): what an omitted list means
                # (presumably: not restricted to particular services) is not
                # stated here; confirm. No `encoding` entry is given for this
                # array, so OpenAPI's default form serialization applies.
                services:
                  type: array
                  description: >-
                    A list of service IDs the token is scoped to.
                  items:
                    type: string
                # Optional, and Token.expires_at is nullable, so a token can
                # exist with no expiry. Setting one lets a leaked token age out.
                expires_at:
                  type: string
                  format: date-time
                  description: >-
                    The expiration date and time of the token.
      responses:
        # This response delivers access_token, the secret value; Token
        # documents it as only returned on creation. Keep bodies of this
        # call out of logs and traces.
        '200':
          description: Successfully created the token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'
        '400':
          description: Bad request. Missing or invalid parameters.
        '401':
          description: Unauthorized. The API token is missing or invalid.
  # Single user token, addressed by its identifier. The Token schema keeps
  # `id` and `access_token` as separate properties, so the path carries the
  # identifier, not the secret.
  /tokens/{token_id}:
    get:
      operationId: getToken
      summary: Get an API token
      description: >-
        Retrieves the details of a specific API token.
      tags:
        - User Tokens
      parameters:
        - name: token_id
          in: path
          required: true
          description: >-
            The alphanumeric string identifying the token.
          schema:
            type: string
      responses:
        '200':
          description: Successfully retrieved the token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'
        '401':
          description: Unauthorized. The API token is missing or invalid.
        # NOTE(review): no 403 is listed. How the server answers a request
        # for a token owned by a different user is not specified here.
        '404':
          description: Token not found.
    # Revocation is the containment step for a leaked token: per the
    # description it takes effect immediately for future requests.
    delete:
      operationId: revokeToken
      summary: Revoke an API token
      description: >-
        Revokes a specific API token, immediately invalidating it for future
        API requests.
      tags:
        - User Tokens
      parameters:
        - name: token_id
          in: path
          required: true
          description: >-
            The alphanumeric string identifying the token.
          schema:
            type: string
      responses:
        # Success carries no body.
        '204':
          description: Successfully revoked the token.
        '401':
          description: Unauthorized. The API token is missing or invalid.
        '404':
          description: Token not found.
  # Operations on the token that authenticated the request itself; no
  # identifier is passed.
  /tokens/self:
    # Lets a client inspect the scope, services and expiry of the credential
    # it is currently using.
    get:
      operationId: getTokenCurrent
      summary: Get the current token
      description: >-
        Retrieves the details of the API token used to authenticate the
        current request.
      tags:
        - User Tokens
      responses:
        '200':
          description: Successfully retrieved the current token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'
        '401':
          description: Unauthorized. The API token is missing or invalid.
    # Self-revocation: the credential that makes this call is the one revoked,
    # so the caller needs a different token for any follow-up request.
    delete:
      operationId: revokeTokenCurrent
      summary: Revoke the current token
      description: >-
        Revokes the API token used to authenticate the current request.
      tags:
        - User Tokens
      responses:
        '204':
          description: Successfully revoked the current token.
        '401':
          description: Unauthorized. The API token is missing or invalid.
  # Customer-wide token inventory. Unlike GET /tokens, this is not limited to
  # the caller's own tokens, which is why superuser access is required.
  /customer/{customer_id}/tokens:
    get:
      operationId: listCustomerTokens
      summary: List customer tokens
      description: >-
        Retrieves a list of all API tokens for a specific customer. Requires
        superuser access.
      tags:
        - User Tokens
      # No paging parameters are declared here, unlike GET /automation-tokens.
      parameters:
        - name: customer_id
          in: path
          required: true
          description: >-
            The alphanumeric string identifying the customer.
          schema:
            type: string
      responses:
        # Token items include ip, last_used_at and expires_at, which makes
        # this listing usable for auditing stale or never-expiring tokens.
        '200':
          description: Successfully retrieved the list of customer tokens.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Token'
        '401':
          description: Unauthorized. The API token is missing or invalid.
        # The only operation on user tokens that documents a 403.
        '403':
          description: Forbidden. Superuser access required.
  # Automation-token collection: account-level credentials for non-human
  # clients, not tied to a user.
  /automation-tokens:
    get:
      operationId: listAutomationTokens
      summary: List automation tokens
      description: >-
        Retrieves a list of all automation tokens for the customer account.
        Automation tokens are not tied to a specific user and are designed for
        CI/CD pipelines and build systems.
      tags:
        - Automation Tokens
      # Neither paging parameter is required or bounded (no minimum/maximum).
      # NOTE(review): server-side defaults and limits are not described here.
      parameters:
        - name: per_page
          in: query
          description: >-
            The number of items per page.
          schema:
            type: integer
        - name: page
          in: query
          description: >-
            The page number to retrieve.
          schema:
            type: integer
      responses:
        '200':
          description: Successfully retrieved the list of automation tokens.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/AutomationToken'
        '401':
          description: Unauthorized. The API token is missing or invalid.
    # Creation is gated twice per the description: the caller must hold the
    # superuser role and be in sudo mode (403 otherwise).
    post:
      operationId: createAutomationToken
      summary: Create an automation token
      description: >-
        Creates a new automation token. Only users with the superuser role
        can create automation tokens and must be in sudo mode. Automation
        tokens can remain active indefinitely because they are not tied
        to a human user.
      tags:
        - Automation Tokens
      requestBody:
        required: true
        content:
          # JSON body; the user-token create call in this file is
          # form-encoded instead.
          application/json:
            schema:
              type: object
              required:
                - name
                - scope
                - role
              properties:
                name:
                  type: string
                  description: >-
                    The name of the automation token.
                # The enum has no superuser entry, so per this spec an
                # automation token tops out at billing/engineer/user even
                # though only a superuser can create one.
                role:
                  type: string
                  description: >-
                    The role for the automation token.
                  enum:
                    - billing
                    - engineer
                    - user
                # Free-form string with no enum or pattern; the spec cannot
                # reject an overly broad scope, so review it at the call site.
                scope:
                  type: string
                  description: >-
                    A space-delimited list of authorization scopes.
                # Optional restriction to specific services.
                services:
                  type: array
                  description: >-
                    A list of service IDs the token is scoped to.
                  items:
                    type: string
                # Optional. The operation description says these tokens can
                # remain active indefinitely, so an expiry (and a rotation
                # schedule) has to be chosen deliberately by the creator.
                expires_at:
                  type: string
                  format: date-time
                  description: >-
                    The expiration date and time of the token.
      responses:
        # NOTE(review): AutomationToken declares no access_token property,
        # unlike Token. If the secret value is returned in this response the
        # schema should say so; confirm against Fastly's documentation.
        '201':
          description: Successfully created the automation token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AutomationToken'
        '400':
          description: Bad request. Missing or invalid parameters.
        '401':
          description: Unauthorized. The API token is missing or invalid.
        '403':
          description: Forbidden. Superuser access in sudo mode required.
  # Single automation token, addressed by its identifier.
  /automation-tokens/{automation_token_id}:
    get:
      operationId: getAutomationToken
      summary: Get an automation token
      description: >-
        Retrieves the details of a specific automation token.
      tags:
        - Automation Tokens
      parameters:
        - name: automation_token_id
          in: path
          required: true
          description: >-
            The alphanumeric string identifying the automation token.
          schema:
            type: string
      responses:
        '200':
          description: Successfully retrieved the automation token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AutomationToken'
        '401':
          description: Unauthorized. The API token is missing or invalid.
        '404':
          description: Automation token not found.
    # Containment step for a leaked pipeline credential: per the description
    # the token is invalidated immediately.
    # NOTE(review): creation documents a 403 (superuser in sudo mode), but
    # revocation lists none; which roles may revoke is not specified here.
    delete:
      operationId: revokeAutomationToken
      summary: Revoke an automation token
      description: >-
        Revokes a specific automation token, immediately invalidating it.
      tags:
        - Automation Tokens
      parameters:
        - name: automation_token_id
          in: path
          required: true
          description: >-
            The alphanumeric string identifying the automation token.
          schema:
            type: string
      responses:
        # Success carries no body.
        '204':
          description: Successfully revoked the automation token.
        '401':
          description: Unauthorized. The API token is missing or invalid.
        '404':
          description: Automation token not found.
components:
  securitySchemes:
    # The single authentication scheme in this file: the API token travels in
    # the Fastly-Key request header. Whoever holds the header value can act
    # with the token's scope, so proxies and request logging should redact
    # this header.
    apiKeyAuth:
      type: apiKey
      in: header
      name: Fastly-Key
      description: >-
        API token used to authenticate requests to the Fastly API.
  schemas:
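    # Metadata for a user API token plus, on creation only, the secret value.
    Token:
      type: object
      description: >-
        An API token used to authenticate requests to the Fastly API on
        behalf of a specific user.
      properties:
        # Identifier used in /tokens/{token_id}; distinct from the secret
        # carried in access_token.
        id:
          type: string
          description: >-
            The alphanumeric string identifying the token.
        name:
          type: string
          description: >-
            The name of the token.
        user_id:
          type: string
          description: >-
            The alphanumeric string identifying the user the token belongs to.
        customer_id:
          type: string
          description: >-
            The alphanumeric string identifying the customer.
        scope:
          type: string
          description: >-
            A space-delimited list of authorization scopes.
        services:
          type: array
          description: >-
            A list of service IDs the token is scoped to.
          items:
            type: string
        # The secret itself. It is issued by the server and appears in no
        # request body in this file, hence readOnly. Because it is only
        # returned on creation, it must be stored securely at that point and
        # kept out of logs.
        access_token:
          type: string
          readOnly: true
          description: >-
            The token value used for authentication. Only returned on creation.
        # Together with last_used_at, this is the usage signal the API exposes
        # for spotting a token being used from an unexpected client.
        ip:
          type: string
          description: >-
            The IP address of the client that last used the token.
        last_used_at:
          type: string
          format: date-time
          description: >-
            The date and time the token was last used.
        # OpenAPI 3.1 removed the `nullable` keyword; a value that may be
        # null is expressed as a type union. Null here means the token has
        # no expiry set.
        expires_at:
          type:
            - string
            - 'null'
          format: date-time
          description: >-
            The date and time the token expires.
        created_at:
          type: string
          format: date-time
          description: >-
            The date and time the token was created.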
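    # Metadata for an automation token (account-level, not tied to a user).
    # NOTE(review): unlike Token, this schema declares no access_token
    # property even though it is the response schema for token creation.
    # Confirm against Fastly's documentation whether the secret value is
    # returned there and should be declared.
    AutomationToken:
      type: object
      description: >-
        An automation token used by non-human clients such as CI/CD pipelines
        and build systems to authenticate requests to the Fastly API.
      properties:
        # Identifier used in /automation-tokens/{automation_token_id}.
        id:
          type: string
          description: >-
            The alphanumeric string identifying the automation token.
        name:
          type: string
          description: >-
            The name of the automation token.
        customer_id:
          type: string
          description: >-
            The alphanumeric string identifying the customer.
        # Same three values the create request accepts; there is no
        # superuser entry.
        role:
          type: string
          description: >-
            The role assigned to the automation token.
          enum:
            - billing
            - engineer
            - user
        scope:
          type: string
          description: >-
            A space-delimited list of authorization scopes.
        services:
          type: array
          description: >-
            A list of service IDs the token is scoped to.
          items:
            type: string
        # Together with last_used_at, this is the usage signal the API exposes
        # for spotting a pipeline credential used from an unexpected client.
        ip:
          type: string
          description: >-
            The IP address of the client that last used the token.
        last_used_at:
          type: string
          format: date-time
          description: >-
            The date and time the token was last used.
        # OpenAPI 3.1 removed the `nullable` keyword; a value that may be
        # null is expressed as a type union. Null here means the token has
        # no expiry set.
        expires_at:
          type:
            - string
            - 'null'
          format: date-time
          description: >-
            The date and time the token expires.
        created_at:
          type: string
          format: date-time
          description: >-
            The date and time the token was created.
        # Nullable for the same reason as expires_at (type union in 3.1).
        sudo_expires_at:
          type:
            - string
            - 'null'
          format: date-time
          description: >-
            The date and time the sudo mode expires.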