API Tokens

Learn about Stax API Tokens


Introduction

API Tokens are security credentials that can be used to authenticate to the Stax API via the Stax SDK for Python. An API Token consists of an Access Key and a Secret Key and can be given a name, role, description and tags. The role permissions for API Tokens can be found here.

Stax provides the following features for API Tokens:

  • Key storage management
  • Stax activity feed logging and audit trail
  • API Token rotation Reminders
  • Python SDK

Key storage management

The Access Key and Secret Key are provided to you upon creation of the API Token. At creation time, you will be given the option to either store the Keys yourself or let Stax store them for you in SSM.

Store the Keys yourself

You can then store the Access Key and Secret Key securely in your credential manager, just as you would for any other password. The Secret Key will only be provided to you once - upon creation of your API token - and will never be displayed again.

Let Stax store your Keys

Stax will encrypt and store your API Token Access Key and Secret Key in the AWS Systems Manager (SSM) Parameter Store within your Security Account. You can choose to bring your own KMS encryption key or use a Stax dedicated key. To retrieve your Secret Key, you will need to navigate to SSM in your Security Account. The Access Key and Secret Key are stored as Parameters and are titled /stax/api-tokens/<token_name>/AccessKey and /stax/api-tokens/<token_name>/SecretKey respectively.

Stax activity feed logging and audit trail

Actions performed by API Tokens will appear within the Activity Feed and will also be captured as events and stored in StaxTrail. Furthermore, changes made to API Tokens via the Console or API will also be logged.

API Token rotation Reminders

The AWS CIS Foundations Benchmark encourages AWS users to rotate AWS Keys every 90 days. Stax has adopted a similar approach for API Tokens and recommends that customers generate new API Tokens every 90 days. The Stax console will display the age of your API Tokens and will indicate when an API Token's age is greater than 90 days so that customers can take action.
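Added example (not Stax's own code): reading the Stax-stored keys from the Parameter Store paths given under "Let Stax store your Keys" and flagging a token that is past the 90-day recommendation. It assumes a boto3 SSM client with credentials for the Security Account, that the SecretKey parameter's LastModifiedDate approximates the token's age, and a hypothetical token name `ci-deploy`.

```python
import re
from datetime import datetime, timezone

MAX_AGE_DAYS = 90  # rotation interval recommended on this page
# Assumed token-name character set; rejecting "/" keeps a caller-supplied
# name from steering the lookup to a different parameter path.
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")


def parameter_names(token_name):
    """Build the two Parameter Store names documented for a token."""
    if not _NAME_RE.fullmatch(token_name):
        raise ValueError("unexpected characters in token name")
    base = f"/stax/api-tokens/{token_name}"
    return f"{base}/AccessKey", f"{base}/SecretKey"


def load_token(ssm, token_name, now=None):
    """Fetch both keys with decryption and report whether rotation is due.

    `ssm` is a boto3 SSM client for the Security Account, or any object
    exposing the same get_parameter method.
    """
    now = now or datetime.now(timezone.utc)
    access_name, secret_name = parameter_names(token_name)
    access = ssm.get_parameter(Name=access_name, WithDecryption=True)["Parameter"]
    secret = ssm.get_parameter(Name=secret_name, WithDecryption=True)["Parameter"]
    # Assumption: the parameter's LastModifiedDate approximates token age.
    age_days = (now - secret["LastModifiedDate"]).days
    return {
        "access_key": access["Value"],
        "secret_key": secret["Value"],
        "age_days": age_days,
        "rotation_due": age_days > MAX_AGE_DAYS,
    }


if __name__ == "__main__":
    import boto3  # credentials must resolve to a role in the Security Account

    token = load_token(boto3.client("ssm"), "ci-deploy")  # hypothetical name
    # Report metadata only; the Secret Key is never printed.
    print(f"access key {token['access_key']} is {token['age_days']} days old")
    if token["rotation_due"]:
        print("older than 90 days: generate a new API Token")
```

The role that runs this needs `ssm:GetParameter` on the two parameters and decrypt permission on the KMS key that protects them.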

Python SDK

The Stax Python SDK allows you to leverage automation functionality within Stax via API Tokens so that you can increase the speed of your development and reduce inefficiencies. For more information regarding the SDK, see the Stax Python SDK overview page.

