Skip to main content

Access tokens

Overview

An access token is the credential you use in place of a password when calling the ECI API programmatically. Use it from Terraform, the CLI, CI/CD pipelines, or automation scripts. A token inherits the role (and therefore the permissions) of the user who issued it.

Prerequisites
  • User.UserAccessToken.CREATE permission

Issuing a token

  1. Go to User Management > User Access Tokens.
  2. Click Create Token in the top right.
  3. Fill in:
    • Token name and description (for identification)
    • Expiration: pick one of 30 days, 90 days, 6 months, 12 months, or a custom date (calendar picker)
  4. Click Create. The issued token value is shown on screen, and you can copy it again later from the Copy icon in the token list.
A token is itself a secret credential

Even though you can re-copy it from the portal, anyone who gets it can use it immediately. Don't commit it to source control — keep it in environment variables or a secret manager (1Password, Vault, GitHub Secrets, and so on). If you suspect a leak, delete the token right away and reissue.

Use short expirations

To reduce leak risk, prefer short-lived tokens (30–90 days) and rotate them on a schedule. For automation, configure expiry-impending notifications.

Viewing and copying tokens

The token list shows the issued token value and metadata.

ColumnDescription
TokenIssued token value. Copy with the Copy icon on the right
Created / ExpiresWhen the token was issued and when it expires
RolesRoles (permissions) the token inherits
EmailThe owner (issuer) of the token

After copying, store the token in environment variables or a secret manager (1Password, Vault, GitHub Secrets, etc.).

Using a token

# Keep it in an environment variable
export ECI_ACCESS_TOKEN="your-token"

# Call the API (portal API base URL)
curl -H "Authorization: Bearer $ECI_ACCESS_TOKEN" \
  "https://portal.elice.cloud/api/user/resource/compute/virtual-machine"

The API base URL is your portal domain with /api appended.

  • Commercial zone: https://portal.elice.cloud/api
  • Public zone: https://portal.gov.elice.cloud/api
  • Elice-integrated organization: https://<organization>.elice.io/api

In Terraform, inject the token in the provider block (see Terraform overview for details):

provider "eci" {
  api_endpoint     = "https://portal.elice.cloud/api"
  api_access_token = var.eci_access_token
  zone_id          = var.zone_id
}

Never commit the token itself. Pass it through .env files, secret managers, or CI variables only.

Revoking (deleting) a token

When a token has leaked or is no longer needed, delete it right away.

  1. Click the menu on the target token row.
  2. Choose Delete token.
  3. Confirm in the warning dialog.

Deletion takes effect immediately, and any further API call with the token is rejected.

Revoke leaked tokens immediately

If a token has been exposed, delete it and issue a new one. Issuance and deletion are tracked in the Audit log.

Next steps