管理 API 權杖Managing API tokens

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security

重要

Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

若要存取 Cloud App Security API,您必須建立 API 權杖,並在您的軟體中使用它來連接到 API。In order to access the Cloud App Security API, you have to create an API token and use it in your software to connect to the API. 當 Cloud App Security 提出 API 要求時,此權杖將會包含在標頭中。This token will be included in the header when Cloud App Security makes API requests.

[API 權杖] 索引標籤可讓您協助管理租用戶的所有 API 權杖。The API tokens tab enables you to help you manage all the API tokens of your tenant.

產生權杖Generate a token

  1. 在 [設定]**** 功能表上,選取 [安全性延伸模組]****,然後選取 [API 權杖]****。On the Settings menu, select Security extensions and then API tokens.

  2. 按一下加號圖示,產生新權杖並提供未來識別權杖的名稱,然後按一下 [下一步]****。Click the plus icon, Generate new token and provide a name to identify the token in the future, and click Next.

    Cloud App Security 產生 API 權杖

  3. 複製權杖值並儲存至某處以供復原 (如果您遺失權杖,則必須重新產生權杖)。Copy the token value and save it somewhere for recovery - if you lose it you need to regenerate the token. 權杖將具有發出權杖之使用者的權限。The token has the privileges of the user who issued it. 例如,安全性讀取者無法發出可改變資料的權杖。For example, a security reader can't issue a token that can alter data.

  4. 您可以依狀態篩選權杖:[使用中]、[非使用中] 或 [已產生]。You can filter the tokens by status: Active, Inactive, or Generated.

    • 產生: 從未使用過的權杖。Generated: Tokens that have never been used.
    • 有效: 過去七天內產生和使用的權杖。Active: Tokens that were generated and were used within the past seven days.
    • 作用中:過去七天內使用的權杖,但沒有任何活動。Inactive: Tokens that were used but there was no activity in the last seven days.
  5. 在產生新權杖之後,系統會提供您用來存取 Cloud App Security 入口網站的新 URL。After you generate a new token, you'll be provided with a new URL to use to access the Cloud App Security portal.

    Cloud App Security API 權杖

    一般入口網站 URL 依然可用,但速度會比隨權杖提供給您的自訂 URL 慢上許多。The generic portal URL continues to work but is considerably slower than the custom URL provided with your token. 如果您不記得 URL,只要到功能表中的 ?If you forget the URL at any time, you can view it by going to the ? 圖示選取 [關於]****,即可隨時檢視。icon in the menu and selecting About.

API 權杖管理API token management

API 權杖頁面包含已產生之所有 API 權杖的資料表。The API token page includes a table of all the API tokens that were generated.

完整權限系統管理員會看到為此租用戶產生的所有權杖。Full admins see all tokens generated for this tenant. 其他使用者只會看到他們自行產生的權杖。Other users only see the tokens that they generated themselves.

此資料表提供有關權杖產生時間及上次使用時間的詳細資料,並可讓您撤銷權杖。The table provides details about when the token was generated and when it was last used and allows you to revoke the token.

撤銷權杖之後,權杖即從資料表中移除,而且使用該權杖的軟體在提供新權杖之前將無法進行 API 呼叫。After a token is revoked, it's removed from the table, and the software that was using it fails to make API calls until a new token is provided.

注意

SIEM 連接器和記錄收集器也會使用 API 權杖。SIEM connectors and log collectors also use API tokens. 這些權杖應該從記錄收集器和 SIEM 代理程式區段進行管理,因此不會出現在此資料表中。These tokens should be managed from the log collectors and SIEM agent sections and do not appear in this table.

若您遇到任何問題,我們隨時提供協助。If you run into any problems, we're here to help. 若要取得產品問題的協助或支援,請建立支援票證To get assistance or support for your product issue, please open a support ticket.

請觀賞這部影片!Check out this video!

Microsoft Cloud App Security – REST API 和權杖Microsoft Cloud App Security – REST API's and Tokens