API Tokens

API tokens provide specific permissions and limits when using and accessing LogScale through any of the APIs. These API tokens provide fine-grained control over the capabilities, IP access and expiration of the API token. For example, you can create an API token that only has permission to create users and expires after one hour. In contrast a Personal API token has all the abilities and permissions of the roles applied to the user, with no expiry.

Each API token is configured and created with one or more of the following parameters:

API Token name
The name of the token used to identify the token.
API Token domain
There are specific API tokens for different areas of LogScale functionality, including:
Permissions
Depending on the domain, API tokens will have one or more permissions which can be explicitly granted. These only apply to the generated API token, and limit the ability of the token to that functionality. For more information on permissions, see Repository and View Permissions.
IP Filter
An IP filter can be applied to limit access to a specific IP address or network. For more information, see IP Filters.
Expiry
A token can be configured to automatically expire on a set date. These can be set individually or within the corresponding security policy for the API token. See API token security policies for more information.

Using these combinations of parameters, examples of the API tokens that can be created include:

A token for creating a new repository that can only be used by clients in the local network.
A fleet management token that expires after 1 day for use during automated deployments.
A token to update S3 storage parameters granted to an admin for AWS.

Token Type	Named	Permission Model	Supports Expiry	Supports IP Filter	Enable/Disable	Updating Permissions
Personal API Token	No	Inherits all permissions of the user	Yes	Yes	Yes	N/A
Repository and View API Token	Yes	Specific repository and view permissions	Yes	Yes	Yes	Yes
Organization API Token	Yes	Specific organization permissions	Yes	Yes	Yes	Yes
System token	Yes	Specific system permissions	Yes	Yes	Yes	Yes

Because API tokens provide access to the LogScale instance through the API, the following controls exist around all tokens:

Expired tokens cannot be extended or renewed.
Tokens that have been created with an IP filter cannot have the filter removed.
The token secret cannot be modified, but it can be 'reset', generating a new random string to be used for accessing the API.
Token creation and usage is tracked within the Audit Logging using tokenType.

Self-Hosted Overview

Instance Administration

Query Administration

Configure Security

Authentication and identity providers

Other authentication methods

Cluster Management

Health Checks

Ingesting Data

Configuration Variables

LogScale URLs and Endpoints

Limits and Standards

Deployment Overview

Planning Your Deployment

Instance Sizing

Authentication and identity providers

Other authentication methods

Storage Architecture

Installing Using Containers

Installing On Bare Metal or Cloud Instance

Reference Architectures

Installing Load Balancers

Deploying Auxiliary Services

Configuration Settings

Managing Your Deployment

Testing Your Deployment

Humio Operator

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Data Visualization

Automation

Template Language

Keyboard Shortcuts

API Tokens

Enter search term