Access Tokens

HYPR Control Center Standard

Select Access Tokens in the Control Center left navigation pane to create and manage API tokens and Workstation Installation tokens.

API Tokens

The Control Center exposes a set of APIs you can use to perform user management tasks programmatically rather than through the UI. For example, you could create a script that deletes workstation users through an API request rather than through the Control Center. Please see the API documentation for more information.

The APIs use access tokens as an authorization mechanism for your API requests. As an administrator, you’ll need to create an access token through the Control Center then include the token in every API request you submit.

API access tokens can be used in the following cases:

  • API requests for the Workstation user APIs, which require a token of type access-tokenDefaultApp. To create this type of access token, select HYPR Default Workstation Application (HYPRDefaultWorkstationApplication) as the Application during token creation.
  • API requests for the Control Center Admin APIs , which require a token of type CCAdminAccessToken. To create this type of access token, select Control Center Admin (controlCenterAdmin) as the Application during token creation.
  • API requests for Integrations you’ve created through the Integrations section in the Control Center, for example an Okta integration. For this type of access token, the Application you select during token creation is the name you gave the integration when you created it.

Workstation Installation Tokens

These tokens are used during the installation process for the HYPR Workforce Access Client. Whenever you install the Workforce Access Client, either for yourself or for other users, you must provide a Workstation Installation token (also called an endpoint security token). See the Workforce Access Client Installation instructions for more information. However, this token is given to you by HYPR after you sign up for the service and should not be changed. You use the same token for all installs. Typically you don’t need to create a token manually for this purpose. However, HYPR Support may occasionally ask you to create one.

1476

Creating Access Tokens

You can create both types of token in the Access Tokens section in the Control Center.

  1. Click Access Tokens in the Control Center left navigation pane.
  2. Click Create Token. If no tokens are listed, this button will be in the center of the pane. If tokens are already present in the list, it will appear in the upper right, above the list.
    • Type a display name for the new token in the Name your Token field. Choose a name that will help you identify the token's purpose. It can be any combination of characters and can include spaces.
    • Select an Application for which you need the token.
    • Select a token type. Click Next when finished.
804

📘

NOTE

HYPR Default Web Application (HYPRDefaultApplication) may appear in the list of choices. This Application is created by HYPR to support your instance of HYPR. You typically would not need to create an access token for the HYPR Default Web Application. If you decide to, HYPR Default Web Application only accepts API tokens, not Workstation Installation tokens.

  1. If you made a Workstation Token, skip this step. For API Tokens, you must assign Permission Types to the token. This will limit the functions that may be performed using the token. Once you have assigned Permission Types, click Next.
805
  1. This step provides the option to copy the generated access token. This is a one-time action; the token is never displayed again beyond this dialog.
    Click Copy Token & Close when finished.
971
  1. The following table displays. It shows the same information for both types of token.
Field NameDescription
TokenName of the token
PermissionsAccess to functions within Control Center.
Possible Values: App Config | User Mgmt | Authentication | Device Reg | Reporting
Created ByCreator of the token
Created OnDate of creation
Last UsedLast used by the clients for registration/authentication and de-registration
ExpiresTime left before the token expires (hover for the time). This value resets to 30 days after each use; if not used within 30 days of the last use, it will expire, a new token will need to be issued, and all commands using the expired token will need to be updated with the new one.
ActionsThe only available action as of this version is to Revoke the token

📘

Another Way

These tokens can also be managed from the Control Center Advanced Mode: [Select an Application] > Advanced Config > Access Tokens list.

Use the Access Token

An access token is provided on every request to the HYPR API HTTP endpoint. The request will fail if the token is missing or does not have permissions for the requested operation. The request will also fail if the token has expired, been revoked, or is invalid.

The access token must be sent in the Authorization header using the Bearer schema.

Here is an example of how to pass an access token using the cURL command. In the following example the access token is 7c839b65-9d28-4037-afc6-993fc5595cbf

curl https://staging1.gethypr.com/cc/api/stats/authenticator/logins \
  -H 'Authorization: Bearer 7c839b65-9d28-4037-afc6-993fc5595cbf'

Access tokens are initially valid for 30 days. Every time a request (an API request or a Workforce Access Client installation request) uses the token, the timer resets and the token is valid for an additional 30 days.

Revoking an Access Token

When you revoke an API access token, you’ll no longer be able to submit API calls for the entity to which the token applies (for example, an integration). In most cases, you won’t need to revoke access tokens. In some cases, HYPR Support may ask you to perform this task.

🚧

Risky Revocation

Avoid revoking a workstation endpoint security token unless HYPR Support recommends it. This token is used during the installation process for the HYPR Workforce Access Client. Although installations you’ve performed already won’t be affected if you revoke the token (the Workforce Access Client will run as usual for everybody), you won’t be able to install the Workforce Access Client for any new users. See the Workforce Access Client Installation instructions for details.

To revoke an access token, complete these steps:

  1. Open Access Tokens in the Control Center left navigation pane.
  2. Locate the access token you want to revoke.
  3. Click Revoke in the Actions column of that token.
278
  1. In the confirmation dialog, click Revoke Token.

Related Articles

Access Tokens in HYPR SDK for Java
Example API