Terraform Cloud supports three distinct types of API tokens with varying levels of access: user, team, and organization. API tokens are displayed only once when they are created, and are obfuscated thereafter. If the token is lost, it must be regenerated.
User tokens are the most flexible token type because they inherit permissions from the user they are associated with.
Team API tokens allow access to the workspaces that the team has access to, without being tied to any specific user. Each team can have one valid API token at a time, and any member of a team can generate or revoke that team's token. When a token is regenerated, the previous token immediately becomes invalid.
Organization API tokens allow access to the organization-level settings and resources, without being tied to any specific team or user. To manage the API token for an organization, go to Organization settings > API Token and use the controls under the "Organization Tokens" header. Each organization can have one valid API token at a time. Only organization owners can generate or revoke an organization's token.
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request DELETE \ https://app.terraform.io/api/v2/authentication-tokens/at-6yEmxNAhaoQLH1Da
Updated 10 months ago