API Token permissions

Stax API permissions using API Tokens

Article Tags
On This Page
See also

API Tokens provide programmatic access to the Stax API and cannot be used to log into the Stax console. The below table provides a a list of permissions for each Stax role used to manage the access level of your API Token.

KeyDescription
tickUser can perform this action
crossUser cannot perform this action

ActionsAdminUserReadonlyDescription
teams:CreateUsertickcrosscrossAllows token to invite a new team member
teams:CreateRootUsercrosscrosscrossAllows token user to invite a new root user
teams:UpdateUserPasswordticktickcrossAllows token to request a password reset
teams:ReadUserstickticktickAllows token to view all team members
teams:UpdateUsertickcrosscrossAllows token to update a team member's details or deactivate/activate them
teams:DeleteUsertickcrosscrossAllows token to delete a team member
teams:ReadGroupstickticktickAllows token to view Groups
teams:CreateGrouptickcrosscrossAllows token to create a Group
teams:UpdateGrouptickcrosscrossAllows token to update a Group
teams:DeleteGrouptickcrosscrossAllows token to delete a Group
teams:UpdateGroupMemberstickcrosscrossAllows token to add a Group member
teams:ReadAPITokentickticktickAllows token to view all API Tokens
teams:CreateAPITokentickcrosscrossAllows token to create an API Token
teams:UpdateAPITokentickcrosscrossAllows token to update an API Token
teams:DeleteAPITokentickcrosscrossAllows token to delete an API Token
workloads:ReadWorkloadstickticktickAllows token to view Active Workloads
workloads:CreateWorkloadticktickcrossAllows token to deploy a Workload
workloads:UpdateWorkloadticktickcrossAllows token to update an active Workload
workloads:UpdateAllWorkloadstickcrosscrossAllows token to update all active Workloads of a particular Workload Catalogue Item
workloads:ReadCatalogueItemstickticktickAllows token to view the Workload Catalogue
workloads:CreateCatalogueItemtickcrosscrossAllows token to create a Workload Catalogue Item
workloads:UpdateCatalogueItemtickcrosscrossAllows token to update a Workload Catalogue Item
workloads:CreateCatalogueVersiontickcrosscrossAllows token to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:DeleteCatalogueItemtickcrosscrossAllows token to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersiontickcrosscrossAllows token to delete a Workload Catalogue Version
workloads:DeleteWorkloadticktickcrossAllows token to deactivate a Workload
accounts:ReadAccountstickticktickAllows token to view Accounts
accounts:CreateAccounttickcrosscrossAllows token to create an Account
accounts:UpdateAccounttickcrosscrossAllows token to update an Account name, description and tags
accounts:ReadAccountTypestickticktickAllows token to view Account Types
accounts:CreateAccountTypetickcrosscrossAllows token to create an Account Type
accounts:UpdateAccountTypetickcrosscrossAllows token to update an Account Type
accounts:DeleteAccountTypetickcrosscrossAllows token to delete an Account Type
accounts:AddAccountTypeRoletickcrosscrossAllows token to add an AWS role to an Account Type
policies:ReadPoliciestickticktickAllows token to view Policies
policies:CreatePolicytickcrosscrossAllows token to create a Policy
policies:UpdatePolicytickcrosscrossAllows token to update a Policy
policies:DeletePolicytickcrosscrossAllows token to delete a Policy
policies:AttachPolicytickcrosscrossAllows token to attach a Policy to an Organization
policies:DetachPolicytickcrosscrossAllows token to detach a Policy from an Organization
accounttypes:UpdateAccountTypeMemberstickcrosscrossAllows token to move accounts between Account Types
accounttypes:UpdateAccountTypePoliciestickcrosscrossAllows token to add or remove Policies from an Account Type
organisations:ReadOrganisationtickticktickAllows token to view their Organization details
tasks:ReadTaskstickticktickAllows token to view the status of a task
tasks:ReadTasksbyStatustickticktickAllows token to view tasks by status
alias:CheckAliasAvailabilitytickticktickAllows token to check if a Customer Alias is already in use

See also