Use API Tokens

API tokens can be used with both the REST API and GraphQL API. To use the token, it must be supplied as part of the Authorization header made as part of the HTTP request:

http

Authorization Bearer pHUw1oLASALFmt2ppNvwCR0Meo2nHQ15~ECViF0Ce95uIqFGSSatjKWX71EOzvkpVGSuc3zGYqJgR

For example, the following Python script creates a new repository.

python

import requests
import json 

query = """mutation { 
createRepository(name : "SampleRepository") { 
  id 
} 
} 
""" 

headers = {"Authorization":
"Bearer pHUw1oLASALFmt2ppNvwCR0Meo2nHQ15~ECViF0Ce95uIqFGSSatjKWX71EOzvkpVGSuc3zGYqJgR"}

url = 'http://example.com:8080/graphql' 
r = requests.post(url, headers=headers, json={'query': query})

print(r.status_code) 
print(r.text) 

json_data = json.loads(r.text) 

print(json_data)

For more information on executing API queries, see Application Programming Interfaces (APIs).

Use an Expired API Token

If you try to submit an API request using an API token that has expired, LogScale will return HTTP response code 401 and a message noting that the authentication is invalid:

http

401 The supplied authentication is invalid

Expired tokens cannot be extended or renewed; the token will need to be recreated.

Use an IP Filtered API Token

When using a token that has an IP filter applied that restricts access to the current client, LogScale will respond with HTTP response code 403 and a message noting that the IP filter is present:

http

403
Tokens can only be used from IP addresses accepted by the IP
filter set for them if any.

Filtered tokens cannot be modified, but must be recreated with the correct IP filter applied.

Respond to Token Compromise

If you suspect that an API token has been compromised or is being used without authorization, take immediate action to revoke access and investigate the extent of unauthorized usage.

Common indicators of token compromise include:

Unexpected API requests from unknown IP addresses
Unusual patterns in audit logs
API rate limiting or quota issues from unexpected usage
Token exposed in public repositories, logs, or documentation
Unauthorized changes to repositories, views, or organization settings

To respond to a compromised token:

Delete the compromised token immediately. Go to the appropriate token management page for the token type and delete the token. For more information on deleting tokens, see Manage Repository API Tokens, Manage Organization API Tokens, or Manage System Tokens.
Review audit logs to identify unauthorized activity. Filter the Audit Logging by tokenType to see all actions performed with the compromised token. Look for unexpected API calls, data access, or configuration changes.
Assess the impact of the unauthorized access. Determine what permissions the compromised token had and what resources could have been accessed or modified.
Create a replacement token with appropriate restrictions. When creating the new token, consider using:
- Minimum required permissions for the intended use case
- IP filters to restrict access to known networks or addresses. For more information, see IP Filters.
- Short expiration times to limit the window of exposure if the token is compromised again
Update applications or scripts that were using the compromised token with the new token string.
Document the incident for your security records, including the token name, date of compromise, unauthorized actions identified, and remediation steps taken.

Note

Deleting a token immediately invalidates it. All API requests using the deleted token will fail with an authentication error. Because there is no grace period, ensure you have a replacement token ready before deleting a token that is actively used by production systems.

To reduce the risk of token compromise:

Store tokens securely in credential management systems, not in code repositories or configuration files
Rotate tokens regularly, especially for long-lived tokens
Use the most restrictive permissions possible for each token
Enable IP filtering when tokens will only be used from known locations
Set expiration times, particularly for tokens used in temporary or automated deployments
Monitor audit logs regularly for unusual token usage patterns
Review and enforce API token security policies to ensure tokens meet organizational security requirements

Self-Hosted Overview

Instance Administration

Query Administration

Configure Security

Authentication and identity providers

Cluster Management

Health Checks

Ingesting Data

Configuration Variables

LogScale URLs and Endpoints

Limits and Standards

Deployment Overview

Planning Your Deployment

Instance Sizing

Authentication and identity providers

Storage Architecture

Installing Using Containers

Installing On Bare Metal or Cloud Instance

Reference Architectures

Installing Load Balancers

Deploying Auxiliary Services

Configuration Settings

Managing Your Deployment

Testing Your Deployment

Humio Operator

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Data Visualization

Automation

Template Language

Keyboard Shortcuts

Use API Tokens

Use an Expired API Token

Use an IP Filtered API Token

Respond to Token Compromise

Note

Enter search term