Admin Token API
# Admin Token API
## Overview
This Epic aims to develop and implement an Admin Token API for GitLab, enhancing the platform's capabilities in managing and controlling access tokens at an administrative level.
## Objectives
1. Design and implement a robust API for creating, managing, and revoking admin-level access tokens.
2. Enhance security measures for admin token generation and usage.
3. Provide comprehensive documentation for the Admin Token API.
4. Implement proper access controls and permissions for using the Admin Token API.
## Key Features
- Create admin tokens with customizable scopes and expiration dates
- List and manage existing admin tokens
- Revoke admin tokens individually or in bulk
- Audit logging for admin token activities
- Integration with GitLab's existing authentication and authorization systems
## Success Criteria
- The Admin Token API is fully functional and thoroughly tested
- Documentation is complete and easily accessible
- The API adheres to GitLab's security standards and best practices
- Performance impact on the system is minimal
## Out of Scope
- User-level token management (covered by existing APIs)
- Changes to the core authentication mechanisms of GitLab
This Epic will improve GitLab's administrative capabilities, allowing for more granular control over system-wide access and enhancing overall platform security.
## Coordination
| Token Type | Team | Respective EMs, PMs and AppSec SC
|------------|------|------|
| Personal access token | ~"group::authentication" | Already involved in this issue |
| OAuth Application Secret | ~"group::authentication" | Already involved in this issue |
| Impersonation token | ~"group::authentication" | Already involved in this issue |
| Project access token | ~"group::authentication" | Already involved in this issue |
| Group access token | ~"group::authentication" | Already involved in this issue |
| Deploy token | ~"group::environments" | @nmezzopera @nagyv-gitlab @ameyadarshan Please see [the discussion below](https://gitlab.com/groups/gitlab-org/-/epics/15777#note_2301038329) for context |
| Runner authentication token | ~"group::runner" | @nicolewilliams @DarrenEastman @cmaxim Please see [the discussion below](https://gitlab.com/groups/gitlab-org/-/epics/15777#note_2301038329) for context |
| CI/CD Job token | ~"group::pipeline security" & ~"group::authentication" | @shampton @jocelynjane @greg Please see [the discussion below](https://gitlab.com/groups/gitlab-org/-/epics/15777#note_2301038329) for context |
| Trigger token | ~"group::pipeline execution" | @carolinesimpson @rutshah Please see [the discussion below](https://gitlab.com/groups/gitlab-org/-/epics/15777#note_2301038329) for context |
| Feed token | ~"group::authentication" | Already involved in this issue |
| Incoming mail token | ~"group::authentication" | Already involved in this issue |
| GitLab agent for Kubernetes token | ~"group::environments" | @nmezzopera @nagyv-gitlab @ameyadarshan Please see [the discussion below](https://gitlab.com/groups/gitlab-org/-/epics/15777#note_2301038329) for context |
| GitLab session cookies | ~"group::authentication" | Already involved in this issue |
| SCIM Tokens | ~"group::authentication" | Already involved in this issue |
| Feature Flags Client token | ~"group::environments" | @nmezzopera @nagyv-gitlab @ameyadarshan Please see [the discussion below](https://gitlab.com/groups/gitlab-org/-/epics/15777#note_2301038329) for context |
epic