Creating System API Tokens
Creating a new system token will generate a new token string that can be used to manage the cluster. As they provide such a high-level of access that includes the ability to create organizations and create users, as well creating restricted permission tokens with a short expiration date is recommended to ensure that your LogScale instance is secure.
System API tokens have the following parameters that will be unique to each API token created:
The permissions chosen from the token provide granular access to the specific area of API functionality. For example, granting the specific permission Change bucket storage only provides the ability to change how data is stored; it does not control retention times or provide access to the bucket data.
System tokens can be given an expiration time expressed as the number of minutes, hours or days from creation.
An IP filter can be configured to limit access from specific networks or hosts.
The expiry and IP filter configuration can be enforced through a security policy. See System Tokens Security Policies for more information.
To create a new System API token:
Click on the profile, top right, and select Cluster administration.
Click System tokens from the list on the left.
Click the
button.Give the token a name.
Select the permissions that you want the token to support. Note that you can select as many permissions as required for the API token. For information on the permissions and what API endpoints they support, see Cluster Management Permissions.
If the security policy allows for setting a custom IP filter, you can select the named IP filter from the pop-up. For more information on IP filtering, see IP Filters and Security Policies for more information.
If the security policy allows, you can set an expiration for the API token, based on the number of minutes, hours or days until the API token expires. If the security policy does not specify an expiration, you can optionally create an API token without an expiry time.
Click
to create the token. This will share the API token string and you can then copy the string to your clipboard. This will be the only time the API token string will be shared, and so the token should be copied and stored in a safe place.