Obtaining refresh token for BlueXP customers

SamMoxie · ‎2025-05-14

We are BlueXP customers with one organization setup "ZOOne Moxie" and within *same organization* there are multiple different projects - AMER-DEV, AMER-PROD, EU-PROD, US-TEST.
To obtain "Refresh token" for project "AMER-DEV" we have used link https://services.cloud.netapp.com/refresh-token.
-- Will there be *one* "Refresh Token" per *organization base* OR there will be *different token for each individual project* within given organization (ZOOne)?

If there is Refresh token is separate for each project in one organization then How do we get refresh token per project.

kovacs · ‎2025-07-17

I'm assuming that you have already found the information you are looking for, however for the future benefit of the community I'll provide some details. The Refresh Token that you obtain from the BlueXP services page is a global token for the entire account. If you want to use principles of least privilege, I recommend using a service account in BlueXP Identity and Access Management (IAM). When using a service account you can grant privileges at the Project or folder level to prevent the account from accessing other projects/folders via the BlueXP API.
Access BlueXP IAM by selecting the Gear icon in the upper right corner, choosing "Identity and Access Management" and selecting the "Members" tab. Choose "Add a Member" and select the radio button for service account. Select the level you want to grant access for the service account, along with the role and Add it. Don't forget to copy and save the Client ID and secret in a safe place, you only have one opportunity to save it.

Obtaining refresh token for BlueXP customers

New video on NetApp KB TV

New video on NetApp KB TV

Site Operation Hours via NSS