API Tokens
API tokens give you programmatic access to IBEE Solutions services. Tokens are managed at the organization level under Settings > API Tokens. When creating a token, choose one of three access policies:
Before you begin
- An active IBEE Solutions organization (Create an organization)
- A verified identity (Verify your identity)
Identity verification is required to create API tokens. If you haven’t verified, the Create API Token button shows Verify Identity and redirects to the verification page.
Create a token
Go to API Tokens
In the portal sidebar, click API Tokens under Settings. The page shows two tabs: API Tokens (platform tokens) and S3 Credentials.
Choose an access policy
Select one of three access policies from the Access policy dropdown.
Entire Organization
The token has access to all workspaces in the organization. Choose this for organization-wide API automation.
Set permissions for each resource:
Select Read and/or Edit for each resource. At least one permission must be selected.
Set a Token expiration: No expiration, 7 days, 30 days, 90 days, or 1 year.
Specific Workspaces
The token is scoped to selected workspaces only. After choosing this policy, a workspace selector appears — pick one or more workspaces.
Permissions and expiration options are the same as Entire Organization, but the token only works within the selected workspaces.
S3 Buckets
Creates S3-compatible credentials (Access Key ID + Secret Access Key) for a specific workspace’s Object Storage. Use this policy when you need S3 credentials for AWS CLI, rclone, or any S3-compatible client.
-
Select a workspace (required) — the workspace whose Object Storage this credential accesses.
-
Choose a permission level:
- Specify bucket scope (for Object Read & Write / Object Read only):
- Apply to all buckets in the selected workspace (including newly created buckets)
- Apply to specific buckets only — a bucket selector appears to pick individual buckets
Save your credentials
After creation, credentials are displayed once. Copy them immediately.
Platform tokens (Entire Organization / Specific Workspaces)
S3 credentials
Copy your credentials now. The Secret Access Key and Bearer Token are not shown again. If you lose them, revoke the token and create a new one.
Manage tokens
The API Tokens page has two tabs:
- API Tokens — lists platform tokens (Entire Organization and Specific Workspaces)
- S3 Credentials — lists S3 credentials, with a workspace filter dropdown
Each token shows:
Revoke a token
Click Revoke in the Actions column. Revoked tokens lose access immediately and cannot be restored. Create a new token if access is needed again.
Use S3 credentials with tools
AWS CLI
rclone
Troubleshooting
Create API Token button shows “Verify Identity” Complete identity verification before creating tokens.
Create button is disabled At least one permission must be selected. For Specific Workspaces, select at least one workspace. For S3, select a workspace.
Secret Access Key not saved The Secret Access Key is shown once only. Revoke the credential and create a new one.
S3 authentication failing Verify you are using:
- The correct S3 Endpoint:
https://WORKSPACE-ID.blob.ibeestorage.com - The Access Key ID and Secret Access Key from the same credential
