Managing Access Tokens

Control API access to your configuration data.

CloudTruth API Access Tokens

A CloudTruth API token can be used with the CloudTruth CLI and for bearer authorization with the GraphQL API. The API token is scoped at the user level and allows programmatic access for configuration management across the organization.

Creating an API Access Token

Open the CloudTruth API administration screen by selecting your user account and clicking CloudTruth API .

Click Generate New Token​ and select the desired token permissions, provide a Token name and then click ​Create Token. The Token name and permissions can be updated at any time after creation from the manage token menu.

Token Permission


Read Only

Only allow reading from the Parameter Store .


Allows read, write, delete and modify from the Parameter Store .

Copy your access token now and secure it in a safe place. The token is only available at initial creation and will need to be regenerated if it is lost. Once you navigate away from this page, the token string will not be displayed, and the option to copy will not appear.

Regenerating an API Access Token

If needed, you can re-generate the token string from the manage token link under the token menu.

From the token menu select Manage Access Token.

When regenerating a token all references to that token will need to be updated.

Click Regenerate Token and copy your Access Token.

Revoking API Access Tokens

API Tokens can be removed individually from the CloudTruth API menu by deleting specific tokens.

You also have the option of revoking all tokens with a single action.