Creating A-Side Service Tokens

A service token is a unique Equinix Fabric key that grants authorization to an interconnection asset.

An A-side service token allows a user or customer to create a connection from your Fabric port to other destinations on Fabric. It enables aggregated use of your A-side Fabric port and eliminates the need for you, the provider or reseller, to understand or be aware of unique requirements per connection.

Create an A-side service token to authorize use of your Equinix Fabric port to allow your users or customers to connect to cloud providers, network providers, or any other Equinix Fabric destination. As the owner of the A-side port, you are billed for the virtual connections provisioned by your users or customers who redeem your a-side tokens.

note

If an A-side service token has been shared with you by a provider, reseller, carrier, or service provider, see Redeeming an A-side Token.

In order to create a service token, you must have:

• An Equinix Fabric account, with one of the following roles: Fabric Manager, Fabric Connection Manager, Fabric Service Provider, Fabric Service Profile Manager, or End Customer Fabric Manager.
• Access permissions to the port that you want to create a service token for.
• If you are using the API, authenticate by exchanging your client ID and client secret for an access token. See API Authentication for details.

A-side Token Options

Connection Settings:

• VLANs - Depending on the type of Port, you need to provide the encapsulation and VLAN information needed to make the connection. If you are using a Dot1q port, provide a VLAN ID. If you are using a QinQ port, provide the VLAN S-tag and C-tag.

• Maximum Bandwidth - Specify the maximum bandwidth of the connection. Your user or customer is able to set the connection speed up to the bandwidth limit.

• Allow Remote Connections - Specify whether to allow remote connections to your port. If you allow remote connections, your user or customer can create connections that terminate in a different Metro than your port. Not allowing remote connections limits connections to only destinations as the same Metro as your port.

Service Token Settings:

• Expiration - You must set an expiration date for the service token. Your customer or user must use the token to create a connection before the expiration date. If the token expires, it can not be used to create a connection, and you have to create a new token.

• Service Token Recipients - Send the service token to up to 12 recipients over email. A token is single-use; only one of the recipients is able to use the token.

Create a Service Token

Portal

To create an A-side service token:

1. Sign in to the Customer Portal > Fabric Dashboard.

2. From the Service Tokens menu, select Create Service Token.

Service Token Type

1. In the Service Token Type section, select A-side Service Token.

2. In the A-side Asset section, Port is automatically selected.

   

3. Click + Select Port, choose a port from the list of eligible Ports in the current project. Click Select Port.

   

Click Next.

Connection Settings

In Connection Settings:

1. Enter the VLAN information for your Port.

2. Select the maximum bandwidth for connections from your Port.

3. To allow remote connections, check the Allow Remote Connections check box.

Service Token Settings

In Service Token Settings:

1. Enter or choose an expiration date for the service token. The maximum expiration time is 90 days.

   

2. Enter the email addresses of users who will receive this service token. This token can only be used one time by any of the recipients.

   

Click Next.

Review

Review the service token information in the Service Token Type, Connection Settings, and Service Token Settings sections. If you need to change the information, click Back.

Important

Once you create an A-side service token and share it with your user or customer, they have full permission to create a connection from the port defined by the service token. You, the creator of the A-side token and the owner of the Port, are billed for the connection made by your user or customer.

When the service token information is correct, click Create Service Token.

API

To create an a-side service token, send a POST request to the /fabric/v4/serviceTokens endpoint. Provide your service token settings, connection settings, and port details in the body of the request.

Service Token Settings

• expirationDateTime - Specify the expiration date for your service token in ISO 8601 datetime format. The expiration must be within the next 90 days.
• notifications - Specify up to 12 recipients of the service token in the notifications object. Set notifications.type as NOTIFICATION and enter the emails in notifications.emails.

Connection Settings

• allowRemoteConnection - Setting allowRemoteConnection to true allows your user or customer to create connections from your port to destinations in different Metros. Setting to false limits connections to destinations in the same Metro as the port.
• bandwidthLimit - Use the bandwidthLimit parameter to set the maximum bandwidth for a connection created using this service token.

Port Selection

• Specify which port you are granting access to in the aSide.accessPointSelectors object. Set accessPointSelectors.type as COLO. Specify the port in port.uuid.
• Use the linkProtocol object to specify the encapsulation and VLAN details of the port.

Sample cURL Request:

curl -X POST 'https://api.equinix.com/fabric/v4/serviceTokens'  
-H 'Content-Type: application/json'  
-H 'Authorization: Bearer <token>' 
-d '{
  "type": "VC_TOKEN",
  "expirationDateTime": "<token_expiration_date>",
  "connection": {
    "type": "EVPL_VC",
    "allowRemoteConnection": <boolean>,
    "bandwidthLimit": <bandwidth_value>,
    "aSide": {
      "accessPointSelectors": [
        {
          "type": "COLO",
          "port": {
            "uuid": "<port_uuid>"
          },
          "linkProtocol": {
            "type": "DOT1Q",
            "vlanTag": <vlan_id>
          }
        }
      ]
    }
  },
  "notifications": [
    {
      "type": "NOTIFICATION",
      "emails": [
        "<token_recipient_email>",
        "<token_recipient_email>"
      ]
    }
  ]
}'

note

The /fabric/v4/serviceTokens endpoint supports the dryRun query parameter for testing purposes.

Service Token Status

Once you have created a service token, you can check its status, including whether it has been redeemed by your user or customer. If the status is Inactive, the service token hasn't been redeemed yet. If the status is Active, the service token has been redeemed.

If the status is Expired, the service token has reached its expiration date without being redeemed by your user or customer.

Portal

To check your service token status, sign into the Customer Portal and navigate to your Service Token Inventory

API

To check the status of your service tokens, send a GET request to the /fabric/v4/serviceTokens endpoint. The response includes a list of your service tokens along with their statuses in the state field.

Sample cURL Request:

curl -X GET 'https://api.equinix.com/fabric/v4/serviceTokens'  
-H 'Authorization: Bearer <token>'

More information on managing service tokens is available on the Service Token Inventory page.