Creating and managing HighBond access tokens

Create or manage your personal HighBond access tokens in the Manage API tokens page available through your Launchpad profile page.

What is an access token?

An access token is a string that identifies a user and authenticates access to other applications.

The access token that you require depends on what you need to do:

Analytics token

The Analytics token is automatically generated every time you activate Analytics and is stored in your registry.

  • If you are using Analytics 14 or below, and you manually create an ACLGRC Access Token, the token is categorized in Launchpad as an Analytics token type.
  • If you are using Analytics 14.1, and you manually create a HighBond Access Token, the token is categorized in Launchpad as an Analytics token type.

How it works

In Launchpad, the Manage API tokens page displays all of the access tokens that you have generated.

You can use the Manage API tokens page to:

  • copy your tokens
  • provide a label to describe or identify access tokens
  • lock access tokens to prevent them from being modified or deleted
  • delete access tokens

Caution

Access tokens provide many privileges, so it is important to keep them secure and private. Avoid sharing access tokens in publicly accessible areas.

Permissions

Any user can create an Analytics token. You must be a System Admin in at least one Diligent One instance to create a HighBond API token or an Activity Logs API token.

All users can manage their own access tokens.

Create access tokens

  1. Open Launchpad.
  2. Note

    If your company uses more than one instance in Diligent One, make sure the appropriate instance is active.

  3. Select Profile menu icon > Profile.
  4. Next to Application tokens, click Manage. The Manage API tokens page opens.
  5. Click +Add token and select the appropriate option from the dropdown menu (e.g., HighBond API, Analytics, or Activity Logs API). A New token side panel appears.
  6. Fill out the fields in the side panel to create a token.

    Note

    All fields are required to create a token including the Description field. The only exception is if you are opting to not include a token expiry. In that case, you would not need to fill out the number of days in which a token should expire, since it would default to Never.

    1. Enter a description.

      Tip

      In the description, include all of the places where this token will be used and its purpose. The reason for doing this is that tokens need to be replaced when they expire and adding a detailed description saves time and effort once it needs to be replaced.

    2. Optional. Enable or disable token expiry.

      Note

      The ability to set a token expiry should be enabled (toggled on) by default. If it is disabled, the token will never expire.

    3. Enter the number of days in which the token should expire to a maximum of one year (365 days) from the date of the token's creation.
    4. Enter your Diligent One account password to verify your identity.
  7. Click Generate token. The side panel refreshes with a message confirming that your token has successfully generated and includes the Token ID, the expiry date (the date and time the token will expire), and the Description.
  8. Click Copy. A Copied to clipboard message confirms that the token has been successfully copied.

    Caution

    Save your token before you close the side panel. As a security measure, this is your only opportunity to have access to it. If you do not save your token and forget it, you will need to create a new one.
  9. Click Close. The New token side panel closes.
  10. Paste the token into an application or a script.

    Note

    Treat the token like a password and do not share it with other people.

Managing API tokens

From the Manage API tokens page, view a list of existing tokens, edit token descriptions, lock tokens so that they cannot be edited or deleted, and delete tokens.

  1. Open Launchpad.
  2. Note

    If your company uses more than one instance in Diligent One, make sure the appropriate instance is active.

  3. Select Profile menu icon > Profile.
  4. Next to Application tokens, click Manage. The Manage API tokens page opens.
  5. Complete any of the following actions.

Reviewing access tokens

To locate tokens, you can search, sort, and filter to find specific tokens. Do any of the following:

  • Search tokens: Enter the first few characters of the access token (up to seven characters) in the search bar. This returns a narrowed list of results.
  • Sort tokens: Click on any of the column headings to sort tokens by the chosen column in ascending or descending order.
  • Filter tokens: By default, all generated tokens display. However, you can filter the list of tokens to a subset such as whether a token is locked or by the token type: Analytics, Activity logs, or HighBond API. Select your desired filters from the available dropdown menus to filter the list of tokens. Click Clear to remove all filters.

Editing an access token description

  1. Click the pencil . The Description field becomes editable inline.
  2. Make updates to the description and click the checkmark to save changes. The updated description appears in the table.

Locking or unlocking access tokens

If you want to prevent tokens from being deleted and token descriptions from being edited, you can lock them. Alternatively, you can unlock tokens to change descriptions and enable deletion.

  • Click the open lock beside your token to disable deleting tokens and editing descriptions. The lock appears closed to indicate that the token cannot be edited or deleted. The pencil and the trash bin also disappear.
  • Click the closed lock to unlock the token to enable deleting tokens and editing descriptions. The lock will appear open to indicate that editing and deleting are enabled. The pencil and the trash bin also reappear.

Delete access tokens

You can delete single tokens, multiple tokens at once, or all of the tokens in the list. If you do not need to maintain previous tokens for reference, you can delete them to remove clutter from the list of tokens. However, any decision to delete tokens should be approached with caution and only done when the token has been confirmed to no longer be in use anywhere, since deletion is permanent and cannot be undone.

Deleting a single token

  1. Click the trash bin next to the token. A Delete # token? dialog box appears for you to confirm deletion.
  2. Click Delete token. The token is permanently deleted and removed from the list.
  3. Caution

    Deleting a token is permanent and cannot be undone. If a token is in use when deleted, any process using it will fail. If a token is deleted in error, it would need to be recreated and re-introduced into the impacted application or script.

Deleting multiple tokens

  1. Click the checkboxes next to the tokens you want to delete. A red button appears above the list of tokens indicating the number of tokens to be deleted.
  2. Click Delete # tokens. A Delete # token? dialog box appears for you to confirm deletion.
  3. Click Delete tokens. The tokens are permanently deleted and removed from the list.
  4. Caution

    Deleting a token is permanent and cannot be undone. If a token is in use when deleted, any process using it will fail. If a token is deleted in error, it would need to be recreated and re-introduced into the impacted application or script.

Deleting all tokens

  1. Select the checkbox next to the information icon . This automatically selects all of the tokens in the list and a red button appears above the list of tokens indicating the number of tokens to be deleted.
  2. Click Delete # tokens. A Delete # tokens? dialog box appears for you to confirm deletion.
  3. Click Delete # tokens. The tokens are permanently deleted and removed from the list.
  4. Caution

    Deleting a token is permanent and cannot be undone. If a token is in use when deleted, any process using it will fail. If a token is deleted in error, it would need to be recreated and re-introduced into the impacted application or script.

Address expiring tokens

Several reminders will be sent until the token is deleted or expires. Token creators will receive notification emails 30 days, 5 days, and 1 day before a token's expiry date. An email notification will also be sent once the token expires. Once a token expires, all processes that depend on the token will fail unless it is replaced with a new token.

Replacing an expiring token with a new token

To avoid processes failing, expiring and expired tokens need to be replaced with new ones. To update a token, you will need to create a new token. See Create access tokens. Once a new token is created, locate all instances that use the expiring token, and replace the expiring token with the newly-created token.

Deleting an expiring token

Delete an expiring token to stop receiving notifications about an upcoming expiry and to remove any tokens you no longer need to reference. See Delete access tokens.

Caution

Deleting a token is permanent and cannot be undone. If a token is in use when deleted, any process using it will fail. If a token is deleted in error, it would need to be recreated and re-introduced into the impacted application or script.