Provisioning tokens through Delivery API

This document guides you through the process of provisioning, deleting, and managing tokens for the Arc XP Delivery API. These tokens fall into two categories:

• Developer Tokens, generated in Developer Center, are used to call the Delivery API itself (for example, to provision and assign Headless API tokens).
• Headless API Tokens, provisioned through the Delivery API, are used to authenticate calls to headless Arc XP products.

Our system supports a limit of 30 Headless API tokens for Sandbox environments and 30 for Production environments.

Prerequisite to access the Delivery API (/delivery-api/v1/access/keys)

Provisioning your organization with the Headless API

You must have a headless organization provisioned before accessing this API endpoint. Contact Arc XP Customer Support to provision your organization.

Generate a Developer Token

1. Navigate to Developer Center.
2. Click New Access Token.
3. Select the All access (admin) option, and click Create token.
4. Enter a token description.
5. Click Generate token.

Note

Use this token for accessing the Delivery API only, not with the headless API.

Managing Headless API Tokens

Our API provides functionality to provision, retrieve, and assign access tokens. Refer to the Arc XP Delivery API documentation and follow the steps below to manage your tokens:

Provisioning a Headless API Token

• Ensure you are within the token limit for your chosen environment (Sandbox or Production).

• To provision a new token, make a request POST /delivery-api/v1/access/keys

  "notes": "<User defined Notes max 4000 characters>",
  "created_by": "<username to be added by the user>"

• You can create only one token at a time.

• Tokens are created in a default collection (per org/env) and can be assigned to any headless Arc Product that requires tokens.

Assigning a Headless API Token

• Once tokens are created, you can see them all by requesting GET /delivery-api/v1/access/keys.

• To retrieve the available key collections (these associate the token to the API) to assign the tokens to, make a request to GET /delivery-api/v1/access/key-collections.

• Use the responses of each of those endpoints to get the key IDs (IDs of the tokens) that you want to assign and collection IDs you want to assign them to and make a request POST /delivery-api/v1/access/keys/assign with the following required fields:

  {
    "key_ids": [123],
    "collection_ids": [234]
  }

Using a Headless API Token

• Pass the token in the X-API-Key request header when calling a headless API:

  X-API-Key: <your-token>

Deleting a Headless API Token

• Make a request DELETE /delivery-api/v1/access/keys/{key_id} using an ID retrieved from the GET endpoint described above.
• You can delete only one token at a time.

FAQs

Can the token limit be increased?

The token limit cannot be increased. We continually evaluate customer feedback and may increase the token limit accordingly in the future.

When I retrieve the token, I see “expiry time” in the response body, what does it imply?

The expiry_time field will be null and is included in the response as it’s an ISO 8601 specified field.