Software AG Products 10.7 | Using CentraSite | Runtime Governance | Access Token Management | Managing Access Tokens through CentraSite Business UI | Revoking Access Tokens as API Provider
 
Revoking Access Tokens as API Provider
An API Provider or an administrator will use the Asset Details page to revoke an access token.
After issuing an access token, you might want to revoke the token if you find a serious error in the virtual instance of an asset.
When you revoke an access token, access to the associated virtual asset, and its resources is blocked when you try to access them using that particular access token.
*You have configured the API key authentication or OAuth 2.0 token authentication using the API Consumption Settings action in the details page of the asset.
*A gateway instance (for example, Mediator) is up and running.
*To revoke access token as an API Provider
1. In CentraSite Business UI, access the Advanced Search panel in one of the following ways:
*Click the Browse link in the upper-left corner of the menu bar.
*Click the Search icon next to the Scope list. The default search scope is Assets.
This displays a list of assets for which you have View permission in the Search Results page.
2. In the Additional Search Criteria list, select Asset Types.
3. To search for the assets of any type of Service, click Choose.
4. In the Choose Asset Types dialog box, select the Assets option button, and then follow these steps:
a. Click the chevron next to Assets option button.
b. In the displayed list of asset types, select the required type of Service.
c. Click OK.
5. In the displayed list of Service assets, click the asset for which you want to display the API access key details.
This opens the Service Details page.
6. Locate the hyperlinked text N next to Consumers attributes in the Basic Information profile.
7. Click on the hyperlinked consumer name whose access token you want to revoke.
8. In the displayed list of access tokens, hover over the access token you want to revoke.
CentraSite displays one or more actions you can perform on the access token.
9. Click the Delete icon.
A confirmation message appears that the access token is revoked from the CentraSite Registry Repository.
10. Click Yes in the confirmation dialog box.
Once the access token revocation is processed, CentraSite sends an email message to the API Consumer informing that the request has been processed successfully.
CentraSite provides predefined email template for the access token revocation. By default, this template is configured in the centrasite.xml file. But, if you do not want to use the predefined email template, you can create and add your own email template to CentraSite, and configure the centrasite.xml file, as required.