Access tokens

Superblocks has several integration options that require access tokens or API keys:

• Superblocks CLI - Source control your Superblocks tools and develop Custom Components with the Superblocks command line interface.
• Import and Export Actions - Sync changes back to Superblocks using GitHub Actions and GitLab Pipelines.
• SCIM API - Manage Superblocks users and groups programmatically.
• Session API - Lets you request session tokens for embedded users to grant them access to your embedded applications.

Personal API key

The Superblocks CLI and CI actions require a personal API key for authorization. The operations you can perform is tied to your personal permissions within the Superblocks platform. To access your personal API key:

1. Click your avatar in the upper-left corner of the home page and click Personal Settings
2. On the left nav, click API Key
3. Click the copy icon to copy your API key

API authentication

The SCIM and Session API both require org-level access tokens. The set of operations the token can perform is based on the Token type set when creating the token.

• Org Admin - used by the SCIM API and has permission to manage org settings, users, and groups
• Embed - create and manage authenticated session tokens for Embedded Apps users

caution

Only organization Admins can create and delete org-level access tokens.

Creating an access token

1. Click your avatar in the upper-left corner of the home page and click Organization Settings
2. On the left nav, click Access Tokens
3. Click +Create token
4. In the Name field give your token a descriptive name
5. Select an Expiration date, or use the default 90 day expiration.
6. Set the Token type that you want
7. Click Create

caution

Save your tokens immediately

Your access token is visible one time, immediately after you create it. If you leave or refresh the page where the token is displayed, it will be obscured and no longer visible. You must copy and store new access tokens somewhere secure before you leave the creation page, or you will lose access to the token.

Deleting an access token

Deleting an access token removes it from your account. This is an irreversible action and a deleted token cannot be recovered. For this reason, we recommend creating a new access token and update anywhere you're calling Superblocks APIs, before deleting the token.

1. Click your avatar in the upper-left corner of the home page and click Organization Settings
2. On the left nav, click Access Tokens
3. In the table of access tokens, select Remove next to the token you’d like to delete
4. Confirm in the browser alert