How to Create an API Token for Proxmox VE

“Proxmox Virtual Environment is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform. With the integrated web-based user interface you can manage VMs and containers, high availability for clusters, or the integrated disaster recovery tools with ease.” from Proxmox.com

You can authenticate to the Proxmox API using a user/password or using an API token. An API token is useful because it let’s you fine tune permissions to the task at hand, and if you need to revoke a token, it won’t impact the user that it’s associated with. Also, I liked the simplicity of using the same authentication header with each API call. With user/password authentication, I didn’t want to manage a ticket cookie over multiple API calls.

This blog post documents how to create an API token.

  1. Go to Datacenter > Permissions > Groups
    • Click the Create button to create a new group, call it for example “provisioning”
  2. Go to Datacenter > Permissions > Users
    • Click the Create button to create a new user
    • User name: for example “provisioner”
    • Realm: “Proxmox VE authentication server” (or you can select “Linux” but you will need to set the password on the Linux command line)
    • Group: select the group you created earlier
    • Click Add
  3. Go to Datacenter > Permissions
    • This will set permissions for the group, click Add
    • Path: To allow the permissions to be applied anywhere in Proxmox, select “/”, or to refine where they get applied, select that specific path.
    • Select Role, for example “Administrator”, or a more restrictive role depending on what you intend to do.
  4. Go to Datacenter > Permissions > API Tokens, to create the actual token
    • Click Add
    • Select the User you created above
    • Token ID: Type a name for the token, for example “prov”
    • When you click Add, the Token Secret will be displayed. It will only be displayed once, at creation, so copy it to a secure location. It is a string in the form of 36 random-ish characters.

One thought on “How to Create an API Token for Proxmox VE”

Leave a Reply

Your email address will not be published. Required fields are marked *