diff --git a/docs/api/authentication.md b/docs/api/authentication.md index ac8ea36..fad9442 100644 --- a/docs/api/authentication.md +++ b/docs/api/authentication.md @@ -10,19 +10,22 @@ import UpcomingFeature from '@site/src/components/UpcomingFeature'; ## Personal access tokens -The ETM API uses personal access tokens (also called "API keys") to authenticate requests. You can add and remove these keys [**from your settings page**](https://engine.energytransitionmodel.com/identity/tokens). +:::info Token Expiry Update +Previously, tokens could be created without an expiration date. This feature has been deprecated, and tokens can now have a maximum lifespan of one year. +::: -These keys provide access to your account and scenarios, so be sure only to share them with trusted applications. It's highly recommended that you create a new token for each application, rather than reusing the same token in many places. There is no limit to how many you can create. +The ETM API uses personal access tokens (also called "API keys") to authenticate requests. You can add and remove these keys [**from your settings page**](https://my.energytransitionmodel.com/identity/tokens). +These keys provide access to your account and scenarios, so be sure only to share them with trusted applications. It's highly recommended that you create a new token for each application, rather than reusing the same token in many places. There is no limit to how many you can create. Authentication with the API is with a bearer token. See: [Using your access token](#using-your-access-token). ### Creating an access token -Access tokens may be created on [**your ETM settings page**](https://engine.energytransitionmodel.com/identity/tokens). After you create your token, the full token string will only be shown for a short period. Be sure to copy it somewhere secure as it will not be shown again. +Access tokens may be created on [**your ETM settings page**](https://my.energytransitionmodel.com/identity/tokens). After you create your token, the full token string will only be shown for a short period. Be sure to copy it somewhere secure as it will not be shown again. :::info I've lost my token! -If you lose your token, head to your [access tokens](https://engine.energytransitionmodel.com/identity/tokens) page, revoke the token so that it can no longer be used to access your account, and then create a new token. +If you lose your token, head to your [access tokens](https://my.energytransitionmodel.com/identity/tokens) page, revoke the token so that it can no longer be used to access your account, and then create a new token. ::: ### Using your access token @@ -38,12 +41,12 @@ curl https://engine.energytransitionmodel.com/api/v3/scenarios \ GET /api/v3/scenarios HTTP/2 Host: engine.energytransitionmodel.com Accept: application/json -Authorization: Bearer etm_xcNxTaX8KLr5LkGs93sRWnGfhyAUDPWPqKVGe1RL73GJUnfQ +Authorization: Bearer etm_xcNxTaX8KLr5LkGs93sRWnGfhyAUDPWPqKVGe1RL73GJUnfQ... ``` ## Using the API without authentication -Without authentication, your use of the API results in scenarios that are considered "unowned" and can be both viewed *and changed* by anyone. [Creating an ETM account](https://engine.energytransitionmodel.com/identity/sign_up) will allow you create scenarios that belong to you, where you can strictly control who can view your data, and prevent others from making changes. +Without authentication, your use of the API results in scenarios that are considered "unowned" and can be both viewed *and changed* by anyone. [Creating an ETM account](https://my.energytransitionmodel.com/identity/sign_up) will allow you create scenarios that belong to you, where you can strictly control who can view your data, and prevent others from making changes. ## Get information about a token