2025-10-09
Changing Permissions to Generate Access Tokens in SwaggerUI
Currently, the ability to generate access tokens in SwaggerUI is limited to users who have permission to update member information. Going forward, to allow users who can access SwaggerUI to test APIs within the Kuroco admin panel, we will provide a feature that enables them to generate tokens associated with their own member ID sessions.
Accordingly, please note that the permissions required to generate access tokens will be changed as follows.
Changes
Static Access Tokens
Before:
- Users with API view permissions: Able to confirm tokens
- Users with API view and member update permissions: Able to create and delete tokens
After:
- Users with API view permissions: Able to confirm tokens
- Users with API update permissions: Able to create and delete tokens
Dynamic Access Tokens
Before:
- Users with API view and member update permissions: Able to generate tokens for any user ID (excluding superusers)
- Superusers: Able to generate tokens
After:
- Users with API update permissions: Able to generate their own tokens
- Users with API update, member update and group update permissions: Able to generate tokens for any user ID (excluding superusers)
- Superusers: Able to generate tokens
Cookies
Before: Superusers: Able to generate tokens
After:
- Users with API update permissions: Able to generate their own tokens
- Users with API update and member update and group update permissions: Able to generate tokens for any user ID (excluding superusers)
- Superusers: Able to generate tokens
Planned Date for Endpoint Addition
Stable: October 20, 2025
Contact
If you have any further questions regarding this matter, please feel free to contact Kuroco Support.
Support
If you have any other questions, please contact us or check out Our Slack Community.