Authorization
Nullplatform has a powerful role-based access control schema that is based on the following concepts:
- Users. Every action is initiated by a user, who can be a person or a machine user.
- Actions. Every API endpoint specifies the action associated with its execution, for which users need a grant (e.g. scope:read).
- Grants. A grant (sometimes referred to as a 'permission') is an authorization to execute a certain action (e.g. scope:read) on a certain NRN (e.g. organization=1:...:scope=5). Learn more about NRN here.
- Roles. Roles are a handy way to assign a bag of low-level actions to a user. A role by itself is useless unless it is granted at a certain resource (NRN).
Roles
Every user has one or more roles that regulate which actions that user can execute. We have roles that are oriented towards managers, developers, operations, security, CI, and more.
You can read more about this in the roles section.
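The sketch below is an added example, not nullplatform's code: it models how users, actions, grants and roles combine into a deny-by-default authorization decision. The role names, the actions other than scope:read, the intermediate NRN segments, and the rule that a role granted at an NRN also covers resources beneath it are all assumptions made for illustration.

```python
# Illustrative model only; not nullplatform's implementation.
from dataclasses import dataclass

# Role -> bag of low-level actions (role names and action sets are constructed).
ROLES = {
    "developer": {"scope:read", "scope:write"},
    "ci": {"scope:read", "build:create"},
}

@dataclass(frozen=True)
class RoleGrant:
    user: str
    role: str
    nrn: str  # resource at which the role is granted

def parse_nrn(nrn):
    """Split 'key=value:key=value' into an ordered tuple of (key, value) pairs."""
    parts = []
    for segment in nrn.split(":"):
        key, sep, value = segment.partition("=")
        if not (sep and key and value):
            raise ValueError(f"malformed NRN segment: {segment!r}")
        parts.append((key, value))
    return tuple(parts)

def covers(granted_nrn, target_nrn):
    """ASSUMPTION: a grant applies to its own NRN and to descendants.
    Whole segments are compared, so scope=5 never matches scope=50."""
    granted, target = parse_nrn(granted_nrn), parse_nrn(target_nrn)
    return target[:len(granted)] == granted

def is_allowed(grants, user, action, target_nrn):
    """Deny by default: allow only when a role granted to this user
    carries the action at an NRN that covers the target."""
    return any(
        g.user == user
        and action in ROLES.get(g.role, ())
        and covers(g.nrn, target_nrn)
        for g in grants
    )

# Constructed sample data.
SCOPE_5 = "organization=1:account=2:namespace=3:application=4:scope=5"
SCOPE_50 = "organization=1:account=2:namespace=3:application=4:scope=50"
GRANTS = [
    RoleGrant("ci-bot", "ci", SCOPE_5),                          # narrow grant
    RoleGrant("alice", "developer", "organization=1:account=2"),  # broad grant
]
```

Granting the machine user its role at the narrowest NRN it needs keeps a leaked API key from reaching sibling scopes; a naive string-prefix comparison would have let the scope=5 grant match scope=50.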
API keys for machine users
If you have a system that will interact with nullplatform programmatically (e.g. a CI workflow), you have to create an API key with the appropriate roles. See:
- Manage your API keys using the API to create and manage your API keys programmatically.
- Configure API keys with IaC if you prefer to configure your API keys using infrastructure-as-code (IaC) tools.
Access tokens
Most API endpoints require an access token sent in the HTTP header:
Authorization: Bearer <your-access-token>
The way you obtain the token depends on the type of user.
Human users
To retrieve your personal access token:
- Log in to nullplatform.
- Click your user menu (the circle with your initials/user avatar) in the top-right corner.
- From the dropdown menu, select Copy personal access token.
Alternatively, you can use the legacy Chrome extension to retrieve the access token.
⚠️ Note: The Chrome extension remains functional but is no longer actively maintained or supported. We recommend using the access token available directly from the platform UI whenever possible.
Machine users
Machine users (scripts, automations, or integrations) must authenticate using an API key and obtain access tokens from it. See the API keys section to learn how to generate and use API keys.