Create Repository API Tokens

Security Requirements and Controls

Repository API tokens have the following parameters that will be unique to each API token created:

  • The permissions granted apply only to the repository or view in which the API token is created. The same token cannot be used to access or manage other repositories.

  • The permissions chosen from the token provide granular access to the specific area of API functionality. For example, granting only the specific permission Change data retention only provides the ability to change the data retention; access to other management functions on the repository will fail.

  • Tokens can be modified if the Update permissions setting is enabled within the Repository token security policy.

  • Repository tokens can be given an expiration time expressed as the number of minutes, hours or days from creation.

  • An IP filter can be configured to limit access to specific networks or hosts.

To create a new View API token:

  1. Go to the repository list and select the repository that you want to create an API token for.

  2. Click Settings in the top menu.

  3. Select Tokens under Access Control to go to the Repository tokens page.

  4. Click + Add new.

  5. Give the token a name.

  6. If the security policy allows for setting a custom IP filter, you can select the named IP filter from the pop-up. For more information on IP filtering, see IP Filters and Repository and View API tokens security policy for more information.

  7. If the security policy allows, you can set an expiration for the API token, based on the number of minutes, hours or days until the API token expires. If the security policy does not specify an expiration, you can optionally create an API token without an expiry time.

  8. Click Next.

  9. Select the permissions that you want to grant to the token. You can select as many permissions as required for the API token. Asset permissions can only be added to a token if Data Read Access is granted to the view; otherwise they are not available. For information on the permissions and what API endpoints they support, see Repository & View Permissions.

    Screenshot of the LogScale permission selection interface during repository token creation. The panel displays a comprehensive list of available permissions that can be granted to the new API token, organized into functional categories. Each permission has a checkbox for selection, allowing administrators to precisely configure which operations the token will be authorized to perform. The interface shows multiple permission types including data access permissions (such as 'Data Read Access'), management permissions (like 'Change data retention' and 'Delete events'), configuration permissions (including parser and token management), and automation permissions (such as managing alerts and scheduled searches). A note at the bottom of the interface indicates that certain asset-specific permissions are only available when 'Data Read Access' is granted. This granular permission selection ensures API tokens follow the principle of least privilege, with access limited only to the specific functionality required for their intended use. The panel includes navigation buttons at the bottom to proceed with token creation once the desired permissions have been selected.

    Figure 24. Create Repository Tokens


    Note

    Support for organization owned queries are implied for all view tokens.

  10. Click Create token to create the token. This shares the API token string and the ability to copy the string to your clipboard. This is the only time the API token string will be shared, so the token should be copied and stored in a safe place.

    Screenshot of the LogScale API token creation confirmation dialog displaying the newly generated repository token string. This critical security interface appears immediately after clicking 'Create token' and represents the only time the complete token string will ever be displayed to users. The dialog shows the newly created token as an alphanumeric string and prominently features a 'Copy' button that allows users to securely copy the token to their clipboard for storage in a password manager or secure location. The interface includes a warning message emphasizing that this is the only opportunity to view or copy the complete token - if the token is not saved now, it cannot be retrieved later and would need to be regenerated. An 'OK' button appears at the bottom to dismiss the dialog once the token has been copied.

    Figure 25. Repository Token String


  11. Click OK.