Goal: Enable automation and bootstrapping of Quay deployments without a dependency on the Quay UI to interactively generate API (Application) tokens.

Background: In order to automate Quay via its own API, an Application needs to be created first in order to mint an (API) token, with a desired scope. This can only be done via the Quay UI today and this presents a barrier to integrate Quay in automation workflows or bootstrap a vanilla Quay deployment, where UI access is not available.

Requirements:

• present a way to mint API tokens without the need of an interactive users leveraging the Quay UI
• sufficiently protect this way of generating API tokens based on pre-seeded identities / secrets or identities in the system
• by default this endpoint should be disabled, but should be enabled via the Quay config file