# API tokens and Service Accounts

API Tokens and Service Accounts in CERTInext enable secure, non-interactive access to the platform for automation, integrations, and system-to-system communication. This capability is designed for environments where certificate lifecycle operations must be performed programmatically without relying on individual user credentials.

Service accounts represent non-human identities created specifically for automated workflows such as CI/CD pipelines, DevOps tooling, provisioning systems, and external integrations.

#### How Service Accounts Work

A service account is created within CERTInext with a defined role and permission scope. API tokens generated for the service account inherit these permissions and determine what actions the automation is allowed to perform.

Typical use cases include:

* Automated certificate issuance and renewal
* Integration with deployment and configuration management tools
* Certificate provisioning through scripts or pipelines
* Scheduled or event-driven lifecycle operations

Service accounts operate independently of human users, ensuring automation continues uninterrupted even when personnel change.

#### API Token Management

API tokens are used to authenticate API requests initiated by service accounts.

CERTInext allows administrators to:

* Generate multiple API tokens per service account
* Scope tokens to specific permissions and operations
* Set expiration or rotation policies
* Revoke tokens immediately if compromise is suspected

Each API request made using a token is logged with the associated service account identity, providing full traceability.

#### Security and Audit Controls

To maintain a strong security posture:

* API tokens never expose user passwords
* Tokens can be rotated without impacting user access
* All API activity is recorded in audit logs
* Permissions follow the principle of least privilege

This approach ensures automation remains secure, controlled, and auditable.
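The controls listed above (scoped tokens, expiration and rotation, per-request audit logging) can be checked against each other periodically. The following is an added example, not CERTInext code: the record layout, field names, scope strings and the 90-day rotation age are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_TOKEN_AGE = timedelta(days=90)  # assumed rotation policy, not a CERTInext default

# Constructed token inventory; field names and scope strings are hypothetical.
TOKENS = [
    {"token_id": "tok-ci-01", "service_account": "svc-ci-pipeline",
     "scopes": {"certificate:issue", "certificate:renew", "certificate:revoke"},
     "created": "2024-01-10T00:00:00+00:00", "expires": "2024-07-10T00:00:00+00:00"},
    {"token_id": "tok-prov-01", "service_account": "svc-provisioning",
     "scopes": {"certificate:issue"},
     "created": "2024-05-01T00:00:00+00:00", "expires": None},
]

# Constructed audit log entries: one per API request, tied to token and account.
AUDIT_LOG = [
    {"token_id": "tok-ci-01", "service_account": "svc-ci-pipeline", "operation": "certificate:issue"},
    {"token_id": "tok-ci-01", "service_account": "svc-ci-pipeline", "operation": "certificate:renew"},
    {"token_id": "tok-prov-01", "service_account": "svc-provisioning", "operation": "certificate:issue"},
    {"token_id": "tok-old-99", "service_account": "svc-ci-pipeline", "operation": "certificate:issue"},
]

def review_tokens(tokens, audit_log, now):
    """Return {token_id: [findings]} for tokens that violate the assumed policy."""
    used = {}  # token_id -> set of operations actually seen in the audit log
    for entry in audit_log:
        used.setdefault(entry["token_id"], set()).add(entry["operation"])
    findings = {}
    for t in tokens:
        issues = []
        if t["expires"] is None:
            issues.append("no expiration set")
        elif datetime.fromisoformat(t["expires"]) <= now:
            issues.append("expired but still in inventory")
        if now - datetime.fromisoformat(t["created"]) > MAX_TOKEN_AGE:
            issues.append("past rotation age")
        # Least privilege: scopes granted but never exercised are candidates for removal.
        unused = t["scopes"] - used.get(t["token_id"], set())
        if unused:
            issues.append("unused scopes: " + ", ".join(sorted(unused)))
        if issues:
            findings[t["token_id"]] = issues
    # Logged activity for a token the inventory does not know about needs investigation.
    for token_id in sorted(set(used) - {t["token_id"] for t in tokens}):
        findings[token_id] = ["audit activity for a token missing from the inventory"]
    return findings
```

Unused scopes are only meaningful over a log window long enough to cover infrequent operations such as revocation, so size the window before trimming permissions.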


