API Access Management

The API Access feature allows admins to generate and manage tokens for the Enpass Business API. These tokens authorize programmatic access to organization-level data, enabling integrations with internal dashboards, automation workflows, and Governance, Risk, and Compliance (GRC) tools.

Access Restriction: This feature is only visible to Super Admins.

  1. Log in to the Enpass Admin Console.

  2. Navigate to Settings from the left panel.

  3. Select API Access from the settings list.

The Base URL for all API endpoints is displayed on this screen.

Managing Tokens

Create a New Token

You can maintain a maximum of five active tokens concurrently.

  1. Click Create token to open the configuration panel.

  2. Name — Enter a unique, identifiable name for the token.

  3. Scope — Select one or more permission sets:

     Scope                 | Data Access
     Onboarding & Adoption | License usage, onboarding progress, and adoption metrics
     Security Audit        | Organization-wide security health and risk summaries
     Vault Summary         | Metadata and security health for individual vaults

  4. Expiry — Choose a number of days, or set the token to never expire.

  5. Click Create token.

Security Requirement: The generated token is displayed only once. Copy and store it in a secure location immediately — it cannot be retrieved later.

View Token Details

  1. In the API Access table, click the Menu (⋮) icon next to the desired token.

  2. Select View details.

The Token Details panel shows:

  • Masked Token — Only the last four characters are visible for identification.

  • Permissions — The scopes assigned to the token.

  • Metadata — The admin who created the token, the creation date, and the last used timestamp.

Revoke or Delete a Token

Deleting a token immediately and permanently revokes API access for all systems using that credential.

  1. In the API Access table, click the Menu (⋮) icon next to the token you want to remove.

  2. Select Delete token.

  3. Confirm the action in the pop-up by clicking Delete.

  4. A confirmation banner will appear once the token has been successfully deleted.

Note: This action cannot be undone. Ensure all integrations using the token are updated before deleting.

Token Best Practices

  • Use a separate token per integration so that access can be revoked independently.

  • Apply the minimum required scope for each token.

  • Set an expiry date for tokens used in short-term workflows.

  • Rotate tokens periodically and delete any that are no longer in use.

  • Store tokens in a secrets manager or secure vault — never in source code or plain text files.
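
The practices above can be checked periodically against a record of your tokens. The script below is an added example, not Enpass code: it assumes a hand-maintained inventory transcribed from the Token Details panel (the record layout, the `needed` field, the sample values and the 90-day staleness threshold are all assumptions) and reports tokens that break one of the practices.

```python
from datetime import datetime, timedelta, timezone

MAX_ACTIVE_TOKENS = 5             # limit stated on this page
STALE_AFTER = timedelta(days=90)  # assumed threshold; choose your own

# Constructed inventory, transcribed by hand from the Token Details panel.
# Record only the last four characters, never the token itself.
# "needed" is the scope set the integration owner says it requires (assumption).
INVENTORY = [
    {"name": "grc-export", "last4": "a1b2", "scopes": {"Security Audit"},
     "needed": {"Security Audit"}, "expires": "2026-08-01", "last_used": "2026-05-10"},
    {"name": "dashboard", "last4": "c3d4",
     "scopes": {"Onboarding & Adoption", "Security Audit", "Vault Summary"},
     "needed": {"Onboarding & Adoption"}, "expires": None, "last_used": "2026-05-09"},
    {"name": "poc-script", "last4": "e5f6", "scopes": {"Vault Summary"},
     "needed": {"Vault Summary"}, "expires": "2026-04-01", "last_used": "2025-12-01"},
]

def _day(s):
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def audit(inventory, now):
    """Return {token name: [findings]} for tokens that break a best practice."""
    findings = {}
    def flag(name, msg):
        findings.setdefault(name, []).append(msg)
    names = [t["name"] for t in inventory]
    for t in inventory:
        if names.count(t["name"]) > 1:
            flag(t["name"], "name not unique")
        extra = t["scopes"] - t["needed"]  # granted but not required
        if extra:
            flag(t["name"], "excess scope: " + ", ".join(sorted(extra)))
        if t["expires"] is None:
            flag(t["name"], "never expires")
        elif _day(t["expires"]) < now:
            flag(t["name"], "past expiry date")
        if t["last_used"] is None or now - _day(t["last_used"]) > STALE_AFTER:
            flag(t["name"], "unused for over %d days" % STALE_AFTER.days)
    if len(inventory) > MAX_ACTIVE_TOKENS:
        flag("*", "more than %d tokens recorded" % MAX_ACTIVE_TOKENS)
    return findings

if __name__ == "__main__":
    today = datetime(2026, 5, 11, tzinfo=timezone.utc)  # fixed date for the sample data
    for name, msgs in audit(INVENTORY, today).items():
        print(name, "->", "; ".join(msgs))
```
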