API Tokens

API tokens give you programmatic access to IBEE Solutions services. Tokens are managed at the organization level under Settings > API Tokens. When creating a token, choose one of three access policies:

Access policyUse case
Entire OrganizationToken works across all workspaces — for API access to the full organization
Specific WorkspacesToken scoped to selected workspaces only
S3 BucketsCreates S3-compatible credentials for a specific workspace’s Object Storage

Before you begin

Identity verification is required to create API tokens. If you haven’t verified, the Create API Token button shows Verify Identity and redirects to the verification page.

Create a token

1

Go to API Tokens

In the portal sidebar, click API Tokens under Settings. The page shows two tabs: API Tokens (platform tokens) and S3 Credentials.

2

Open the create dialog

Click Create API Token.

3

Enter a name

FieldRequiredDescription
NameYesIdentifies the token (max 100 characters), e.g. “Production automation”
4

Choose an access policy

Select one of three access policies from the Access policy dropdown.

Entire Organization

The token has access to all workspaces in the organization. Choose this for organization-wide API automation.

Set permissions for each resource:

ResourceReadEdit
GPU VMsView GPU virtual machinesCreate, modify, delete GPU VMs
Cloud VMsView cloud virtual machinesCreate, modify, delete Cloud VMs
Object StorageView Object StorageCreate, modify, delete storage resources
Load BalancerView load balancersCreate, modify, delete load balancers
Secret ManagerView secretsCreate, modify, delete secrets
BillingView invoices, orders, balanceNo edit permission (read only)

Select Read and/or Edit for each resource. At least one permission must be selected.

Set a Token expiration: No expiration, 7 days, 30 days, 90 days, or 1 year.

Specific Workspaces

The token is scoped to selected workspaces only. After choosing this policy, a workspace selector appears — pick one or more workspaces.

Permissions and expiration options are the same as Entire Organization, but the token only works within the selected workspaces.

S3 Buckets

Creates S3-compatible credentials (Access Key ID + Secret Access Key) for a specific workspace’s Object Storage. Use this policy when you need S3 credentials for AWS CLI, rclone, or any S3-compatible client.

  1. Select a workspace (required) — the workspace whose Object Storage this credential accesses.

  2. Choose a permission level:

PermissionWhat it allows
Admin Read & WriteCreate, list, delete buckets; edit bucket configuration; read, write, and list objects
Admin Read onlyList buckets; view configuration; read and list objects
Object Read & WriteRead, write, and list objects in selected buckets
Object Read onlyRead and list objects in selected buckets
  1. Specify bucket scope (for Object Read & Write / Object Read only):
    • Apply to all buckets in the selected workspace (including newly created buckets)
    • Apply to specific buckets only — a bucket selector appears to pick individual buckets
5

Create the token

Click Create API Token (for platform tokens) or Create Credential (for S3).

6

Save your credentials

After creation, credentials are displayed once. Copy them immediately.

Platform tokens (Entire Organization / Specific Workspaces)

CredentialFormatUse
Bearer Tokenibee_v4_...Authorization header for the IBEE REST API

S3 credentials

CredentialFormatUse
Access Key IDAKIA...S3 credential for AWS CLI, rclone, and S3-compatible tools
Secret Access KeyShown once onlyS3 credential — copy immediately
S3 Endpointhttps://WORKSPACE-ID.blob.ibeestorage.comS3-compatible endpoint URL for the workspace

Copy your credentials now. The Secret Access Key and Bearer Token are not shown again. If you lose them, revoke the token and create a new one.

Manage tokens

The API Tokens page has two tabs:

  • API Tokens — lists platform tokens (Entire Organization and Specific Workspaces)
  • S3 Credentials — lists S3 credentials, with a workspace filter dropdown

Each token shows:

ColumnDescription
NAMEToken name
PRODUCTSPermission scopes granted
CREATEDCreation date
EXPIRESExpiry date (or “Never”)
STATUSActive / Expired
ACTIONSRevoke

Revoke a token

Click Revoke in the Actions column. Revoked tokens lose access immediately and cannot be restored. Create a new token if access is needed again.

Use S3 credentials with tools

AWS CLI

$aws configure set aws_access_key_id YOUR-ACCESS-KEY-ID
$aws configure set aws_secret_access_key YOUR-SECRET-ACCESS-KEY
$aws configure set default.region us-east-1
$
$# List buckets
$aws s3 ls --endpoint-url https://WORKSPACE-ID.blob.ibeestorage.com

rclone

1[ibee]
2type = s3
3provider = Other
4access_key_id = YOUR-ACCESS-KEY-ID
5secret_access_key = YOUR-SECRET-ACCESS-KEY
6endpoint = https://WORKSPACE-ID.blob.ibeestorage.com

Troubleshooting

Create API Token button shows “Verify Identity” Complete identity verification before creating tokens.

Create button is disabled At least one permission must be selected. For Specific Workspaces, select at least one workspace. For S3, select a workspace.

Secret Access Key not saved The Secret Access Key is shown once only. Revoke the credential and create a new one.

S3 authentication failing Verify you are using:

  • The correct S3 Endpoint: https://WORKSPACE-ID.blob.ibeestorage.com
  • The Access Key ID and Secret Access Key from the same credential