API Tokens

API tokens provide specific permissions and limits when accessing LogScale through any of the APIs. They give fine-grained control over the capabilities, IP access and expiration of the token. For example, an API token can be created that only allows a user to be created and that expires after an hour. In contrast, a Personal API token has all the abilities and permissions of the roles applied to the user, with no expiry.

Each API token is configured and created with one or more of the following parameters:

Using these combinations of parameters, examples of the API tokens that can be created include:

  • A token creating a new repository that can only be used by clients in the local network.

  • A fleet management token that expires after 1 day to be used during automated deployments.

  • A token to update S3 storage parameters granted to an admin for AWS.

The available API token types, and their scope, are:

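| Token Type                 | Named | Permission Model                          | Supports Expiry | Supports IP Filter |
|----------------------------|-------|-------------------------------------------|-----------------|--------------------|
| Personal API Token         | No    | Inherits all permissions of the user      | Yes             | Yes                |
| Repository and view tokens | Yes   | Specific repository and view permissions  | Yes             | Yes                |
| Organization tokens        | Yes   | Specific organization permissions         | Yes             | Yes                |
| System tokens              | Yes   | Specific system permissions               | Yes             | Yes                |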

Because API tokens provide access to the LogScale instance through the API, the following controls exist around all tokens:

  • Expired tokens cannot be extended or renewed.

  • Tokens that have been created with an IP filter cannot have the filter removed.

  • The token secret cannot be modified, but it can be 'reset', generating a new random string to be used for accessing the API.

  • Token creation and usage are tracked within the Audit Logging.
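
The token properties described above (type, expiry and IP filter) lend themselves to a periodic least-privilege review. The following is an added example, not LogScale code or a LogScale export format: the inventory records, their field names, the 90-day lifetime limit and the /16 IPv4 breadth threshold are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

# Constructed inventory; field names are assumptions, not a LogScale export format.
SAMPLE_TOKENS = [
    {"name": "deploy-fleet", "type": "organization",
     "created": "2024-05-01T08:00:00+00:00", "expires": "2024-05-02T08:00:00+00:00",
     "ip_filter": ["10.20.0.0/24"]},
    {"name": "alice-personal", "type": "personal",
     "created": "2024-01-10T09:00:00+00:00", "expires": None, "ip_filter": None},
    {"name": "s3-config", "type": "system",
     "created": "2024-04-01T00:00:00+00:00", "expires": "2025-04-01T00:00:00+00:00",
     "ip_filter": ["0.0.0.0/0"]},
    {"name": "old-ingest-admin", "type": "repository",
     "created": "2024-02-01T00:00:00+00:00", "expires": "2024-03-01T00:00:00+00:00",
     "ip_filter": ["192.168.1.0/24"]},
]

def review_token(tok, now, max_lifetime=timedelta(days=90), min_prefix=16):
    """Return the list of findings for one token record (IPv4 filters assumed)."""
    findings = []
    if tok["type"] == "personal":
        findings.append("personal token inherits every permission of the user")
    if tok["expires"] is None:
        findings.append("no expiry")
    else:
        expires = datetime.fromisoformat(tok["expires"])
        created = datetime.fromisoformat(tok["created"])
        if expires <= now:
            # Expired tokens cannot be extended or renewed, so plan a replacement.
            findings.append("expired: cannot be renewed, replace with a new token")
        elif expires - created > max_lifetime:
            findings.append("lifetime exceeds policy")
    if not tok["ip_filter"]:
        findings.append("no IP filter")
    else:
        for cidr in tok["ip_filter"]:
            if ip_network(cidr, strict=False).prefixlen < min_prefix:
                findings.append(f"IP filter {cidr} is broader than /{min_prefix}")
    return findings

def review_inventory(tokens, now):
    """Map token name to findings, keeping only tokens with at least one finding."""
    report = {t["name"]: review_token(t, now) for t in tokens}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, findings in review_inventory(SAMPLE_TOKENS, now).items():
        print(name, "->", "; ".join(findings))
```

Because an IP filter cannot be removed once set and an expired token cannot be renewed, findings from a review like this are resolved by issuing a correctly scoped replacement token rather than by editing the existing one.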