Repository and View API Tokens

Repository and View API tokens enable granular API access to an individual repository or view. The API token is limited only to the repository where the API token is created, and to the corresponding permissions granted to that token.


Repository and view are used interchangeably as are the token names. In the UI, the terms View Tokenand Repository Token may be used, but refer to the same object.

  • Data read access (including querying and searching the repository events)

  • Data management, such as data retention and deleting stored events

  • Searching repositories, including saved queries, sharing dashboards and connecting views

  • Ingest configuration, including the ability to create ingest tokens and parsers

  • Integrations, S3 archiving, event forwarding and managing packages

  • Triggers and actions such as scheduled searches and alerts

Repository tokens are managed from the Repository Settings page: