createOrganizationPermissionsTokenV2()

API Stability Long-Term

The createOrganizationPermissionsTokenV2() GraphQL mutation field is used to creates an organization permissions token with the specified permissions.

To change the permissions related to an organization permissions token, use the updateOrganizationPermissionsTokenPermissions() mutation. To delete a token, use the deleteToken() mutation.

Hide Query Example

Show Tokens and Permissions Query

To get a list of organization permissions tokens, you could use the tokens() query like this:

graphql

query {
     tokens( typeFilter: OrganizationPermissionToken,
             sortBy: Name )
        { totalResults,
          results { id, name }
          }
   }

To get a list of permissions for organization permissions tokens, you could use the roles() query:

graphql

query {
    roles
       { totalResults,
         results { id, displayName, 
                   organizationPermissions }
    }

For more information on organization settings, see the Organization Settings documentation page. You may also want to look at the Manage Users and Permissions page for related information. For information on access tokens of various types, see the Ingest Tokens documentation page.

Syntax

graphql

createOrganizationPermissionsTokenV2(
       input: CreateOrganizationPermissionsTokenV2Input!
    ): CreateOrganizationPermissionsTokenV2Output!

Example

Below is an example of how this mutation field might be used:

Raw

graphql

mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: "my-org-access-token",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: \"my-org-access-token\",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: \"my-org-access-token\",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createOrganizationPermissionsTokenV2(input: ^
         { name: \"my-org-access-token\", ^
          organizationPermissions: [ ManageUsers, ViewUsage ] ^
        }) ^
  { token, tokenMetadata { id, expireAt } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: \"my-org-access-token\",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: \"my-org-access-token\",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: \"my-org-access-token\",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createOrganizationPermissionsTokenV2(input:
         { name: \"my-org-access-token\",
          organizationPermissions: [ ManageUsers, ViewUsage ]
        })
  { token, tokenMetadata { id, expireAt } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "createOrganizationPermissionsTokenV2": {
      "token": "aeQOuK6TE5EZfSUEYt6igEzMhzrRJxXF~dElhiSYMbWiVV5Y3rXqMjSvPxD2kzQYlznYWun8QerNU",
      "tokenMetadata": {
        "id": "aeQOuK6TE5EZfSUEYt6igEzMhzrRJxXF",
        "expireAt": null
      }
    }
  }
}

Given Datatype

For this input datatype, you would provide the name of the token, and a list of organization permissions. These are listed and explained, along with other parameters, in the table below:

Table: CreateOrganizationPermissionsTokenV2Input

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 8, 2025
expireAt	long		`Long-Term`	When the token expires.
ipFilterId	string		`Long-Term`	The unique identifier of the filter to use.
name	string	yes	`Long-Term`	The name of the organization permissions token.
organizationPermissions	[OrganizationPermission]	yes	`Long-Term`	A list of organization permissions. See OrganizationPermission.

Returned Datatype

With this returned datatype, through sub-parameters, a list of permissions associated with the token. the IP filter, if there is one, that's used with the token, when the token will expire, and other information. The table below contains some details, and links to these sub-parameters:

Table: CreateOrganizationPermissionsTokenV2Output

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 25, 2025
token	string	yes	`Long-Term`	The organization permissions token.
tokenMetadata	OrganizationPermissionsToken	yes	`Long-Term`	Metadata about the token. See OrganizationPermissionsToken.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes