Create the Bootstrap Token

The bootstrap token is a token that allows you to access the API resources of an Organization after the Organization has been created. You use the bootstrap token to set up authentication for the Organization.

Access-control lists (ACLs) that prevent users from viewing and editing all entities in the Organization are currently not available and will be delivered in future releases.

Create the Bootstrap Token

To create the bootstrap token, do the following:

Construct a token string.
Encode the token string using Base64.

Construct a Token String

To construct the token string, use the following format:

<adminUser>:bootstrap:<adminPassword>

where:

<adminUser> is the username of the Organization administrator. <adminUser> is defined in the YAML definition of the Organization custom resource.
<adminPassword> is the password of the Organization administrator. <adminPassword> was created when you generated its salted hash for the YAML definition of the Organization custom resource.
To construct the token string, use the administrator’s password in plain text, not its salted hash.

Example: If your administrator’s username is admin and the administrator’s password is MySecretPassword, the token string should be constructed as follows:

admin:bootstrap:MySecretPassword

Encode the Token String Using Base64

To encode the token string using Base64, use one of the following methods:

From the command line, run the following command (admin and MySecretPassword are used as an example administrator’s username and password in the following code sample):
```
echo -n 'admin:bootstrap:MySecretPassword' | base64
```
Make sure to keep the -n option in the echo command. The -n option suppresses a newline at the end of the generated string. If the -n option is not included in the command, the resulting token will not be valid.
Use any free online tool for Base64 encoding (for example, https://www.base64encode.org/, where the encoding is done on the client’s side and the password is not sent anywhere).

The bootstrap token looks similar to the following:

YWRtaW46Ym9vdHN0cmFwOk15U2VjcmV0UGFzc3dvcmQ=

Copy and store the bootstrap token. Because the bootstrap token grants unlimited access to the Organization, keep it safe.

Use the Bootstrap Token in HTTP Requests

To authenticate using the API token, add the $GDC_API_TOKEN to header for your HTTP request.

Example: Adding the Authorization header using the -H option in the cURL command-line tool

curl -H "Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOk15U2VjcmV0UGFzc3dvcmQ=" \
     -H "Content-type: application/json" -d '{"some": "payload"} \
     https://analytics.alpha.example.com/api/some/api

If you use a different tool for sending HTTP requests, see the tool’s user documentation for information about how to configure request headers.

Use a Built-in OIDC Identity Provider