API Token permissions
Stax API permissions using API Tokens
Article Tags
On This Page
See alsoAPI Tokens provide programmatic access to the Stax API and cannot be used to log into the Stax console. The below table provides a a list of permissions for each Stax role used to manage the access level of your API Token.
| Key | Description |
|---|---|
 | User can perform this action |
 | User cannot perform this action |
| Actions | Admin | User | Readonly | Description |
|---|---|---|---|---|
| teams:CreateUser | | | | Allows token to invite a new team member |
| teams:CreateRootUser | | | | Allows token user to invite a new root user |
| teams:UpdateUserPassword | | | | Allows token to request a password reset |
| teams:ReadUsers | | | | Allows token to view all team members |
| teams:UpdateUser | | | | Allows token to update a team member's details or deactivate/activate them |
| teams:DeleteUser | | | | Allows token to delete a team member |
| teams:ReadGroups | | | | Allows token to view Groups |
| teams:CreateGroup | | | | Allows token to create a Group |
| teams:UpdateGroup | | | | Allows token to update a Group |
| teams:DeleteGroup | | | | Allows token to delete a Group |
| teams:UpdateGroupMembers | | | | Allows token to add a Group member |
| teams:ReadAPIToken | | | | Allows token to view all API Tokens |
| teams:CreateAPIToken | | | | Allows token to create an API Token |
| teams:UpdateAPIToken | | | | Allows token to update an API Token |
| teams:DeleteAPIToken | | | | Allows token to delete an API Token |
| workloads:ReadWorkloads | | | | Allows token to view Active Workloads |
| workloads:CreateWorkload | | | | Allows token to deploy a Workload |
| workloads:UpdateWorkload | | | | Allows token to update an active Workload |
| workloads:UpdateAllWorkloads | | | | Allows token to update all active Workloads of a particular Workload Catalogue Item |
| workloads:ReadCatalogueItems | | | | Allows token to view the Workload Catalogue |
| workloads:CreateCatalogueItem | | | | Allows token to create a Workload Catalogue Item |
| workloads:UpdateCatalogueItem | | | | Allows token to update a Workload Catalogue Item |
| workloads:CreateCatalogueVersion | | | | Allows token to create a Workload Catalogue Version within a Workload Catalogue Item |
| workloads:DeleteCatalogueItem | | | | Allows token to delete a Workload Catalogue Item |
| workloads:DeleteCatalogueVersion | | | | Allows token to delete a Workload Catalogue Version |
| workloads:DeleteWorkload | | | | Allows token to deactivate a Workload |
| accounts:ReadAccounts | | | | Allows token to view Accounts |
| accounts:CreateAccount | | | | Allows token to create an Account |
| accounts:UpdateAccount | | | | Allows token to update an Account name, description and tags |
| accounts:ReadAccountTypes | | | | Allows token to view Account Types |
| accounts:CreateAccountType | | | | Allows token to create an Account Type |
| accounts:UpdateAccountType | | | | Allows token to update an Account Type |
| accounts:DeleteAccountType | | | | Allows token to delete an Account Type |
| accounts:AddAccountTypeRole | | | | Allows token to add an AWS role to an Account Type |
| policies:ReadPolicies | | | | Allows token to view Policies |
| policies:CreatePolicy | | | | Allows token to create a Policy |
| policies:UpdatePolicy | | | | Allows token to update a Policy |
| policies:DeletePolicy | | | | Allows token to delete a Policy |
| policies:AttachPolicy | | | | Allows token to attach a Policy to an Organization |
| policies:DetachPolicy | | | | Allows token to detach a Policy from an Organization |
| accounttypes:UpdateAccountTypeMembers | | | | Allows token to move accounts between Account Types |
| accounttypes:UpdateAccountTypePolicies | | | | Allows token to add or remove Policies from an Account Type |
| organisations:ReadOrganisation | | | | Allows token to view their Organization details |
| tasks:ReadTasks | | | | Allows token to view the status of a task |
| tasks:ReadTasksbyStatus | | | | Allows token to view tasks by status |
| alias:CheckAliasAvailability | | | | Allows token to check if a Customer Alias is already in use |