Skip to content

tokens.md

Latest commit

 

History

History
79 lines (60 loc) · 1.49 KB

tokens.md

File metadata and controls

79 lines (60 loc) · 1.49 KB

Tokens Reference

Pangolin uses JSON Web Tokens (JWT) for user authentication.

1. API

Base Endpoint: /api/v1/tokens

Create Token (Login)

  • Method: POST
  • Path: /api/v1/users/login
  • Body: 
    {
  "username": "alice",
  "password": "...",
  "tenant_id": "optional-uuid"
}

Revoke Current Token (Logout)

  • Method: POST
  • Path: /api/v1/tokens/revoke
  • Auth: Bearer Token
  • Body: {}

Revoke Specific Token

  • Method: POST
  • Path: /api/v1/tokens/revoke/{token_id}
  • Auth: Admin

List User Tokens

  • Method: GET
  • Path: /api/v1/users/{user_id}/tokens

2. CLI

List User Tokens

pangolin-admin list-user-tokens --user-id <uuid>

Revoke Token

# Revoke your current session
pangolin-admin revoke-token

# Revoke a specific token by ID
pangolin-admin revoke-token-by-id --id <token-uuid>

3. Python SDK (pypangolin)

List Tokens

tokens = client.tokens.list_user_tokens("user-uuid")
for t in tokens:
    print(t.token_id, t.is_valid)

Revoke Token

client.tokens.revoke_by_id("token-uuid")

4. UI

  1. Log in as Tenant Admin.
  2. Navigate to Users.
  3. Select a specific user (click name or "Edit").
  4. Navigate to the Sessions/Tokens tab.
  5. List: You will see active sessions.
  6. Revoke: Click Revoke next to a session to invalidate it immediately.