Security Requirements and Controls
API Stability Long-Term

The updateTokenSecurityPolicies() GraphQL mutation is used to update the token security policies for the organization. Updating the policies will update or delete all existing tokens that don't fit into the changes. For instance, enforcing an IP filter for personal user tokens will set the IP filter on all tokens of that type. Disabling a token type, will delete all tokens of that type. Finally setting an enforce expiration after will set that on all tokens that are above the interval and keep their current expiration if inside the interval. Tokens below the expiration will be deleted.

Syntax

Below is the syntax for the updateTokenSecurityPolicies() mutation:

graphql
updateTokenSecurityPolicies(
      input: TokenSecurityPoliciesInput!
   ): Organization!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateTokenSecurityPolicies( input: ^
    { ^
      personalUserTokensEnabled: true, ^
      viewPermissionTokensEnabled: true, ^
      viewPermissionTokensAllowPermissionUpdates: true, ^
      organizationPermissionTokensEnabled: true, ^
      organizationPermissionTokensAllowPermissionUpdates: true, ^
    } ^
  ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateTokenSecurityPolicies( input:
    {
      personalUserTokensEnabled: true,
      viewPermissionTokensEnabled: true,
      viewPermissionTokensAllowPermissionUpdates: true,
      organizationPermissionTokensEnabled: true,
      organizationPermissionTokensAllowPermissionUpdates: true,
    }
  )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "updateTokenSecurityPolicies": {
      "id": "SINGLE_ORGANIZATION_ID"
    }
  }
}

Given Datatypes

The TokenSecurityPoliciesInput has many parameters. Below is a list of them and a description of each:

Table: TokenSecurityPoliciesInput

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 20, 2024
personalUserTokensEnabledstring  Long-TermWhether personal user tokens should be enabled.
personalUserTokensEnforceExpirationAfterMslong  Long-TermMaximum time in ms a personal user token can be used before expiring (TTL).
personalUserTokensEnforceIpFilterIdstring  Long-TermThe IP filter that will be enforced on all personal user tokens.
organizationPermissionTokensAllowPermissionUpdatesbooleanyes Long-TermWhether it should be allowed to change permissions on existing organization permission tokens.
organizationPermissionTokensEnabledbooleanyes Long-TermWhether organization permission tokens should be enabled.
organizationPermissionTokensEnforceExpirationAfterMslong  Long-TermMaximum time in milliseconds an organization permission token can be used before expiring (TTL).
organizationPermissionTokensEnforceIpFilterIdstring  Long-TermThe IP filter that will be enforced on all organization permission tokens.
systemPermissionTokensAllowPermissionUpdatesboolean  Long-TermWhether it should be allowed to change permissions on existing system permission tokens.
systemPermissionTokensEnabledboolean  Long-TermWhether system permission tokens should be enabled.
systemPermissionTokensEnforceExpirationAfterMslong  Long-TermMaximum time in milliseconds a system permission token can be used before expiring (TTL).
systemPermissionTokensEnforceIpFilterIdstring  Long-TermThe IP filter that will be enforced on all system permission tokens.
viewPermissionTokensAllowPermissionUpdatesbooleanyes Long-TermWhether it should be allowed to change permissions on existing view permission tokens.
viewPermissionTokensEnabledbooleanyes Long-TermWhether view permission tokens should be enabled.
viewPermissionTokensEnforceExpirationAfterMslong  Long-TermMaximum time in milliseconds a view permission token can be used before expiring (TTL).
viewPermissionTokensEnforceIpFilterIdstring  Long-TermThe IP filter that will be enforced on all view permission tokens.

Returned Datatypes

As indicated by the syntax above, this mutation will return data using the datatype, Organization. Below is a list of the parameters of that datatype:

Table: Organization

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 27, 2024
cidstring  Short-TermThe CID corresponding to the organization.
configsOrganizationConfigsyes Short-TermOrganization configurations and settings. See OrganizationDetails.
createdAtlong  Short-TermDate organization was created.
defaultCachePolicycachePolicy  PreviewThe default cache policy of the organization. See cachePolicy. This is a preview and subject to change.
descriptionstring  Short-TermThe description for the Organization. Can be null.
detailsOrganizationDetailsyes Short-TermAny additional details related to the organization. See OrganizationDetails.
externalGroupSynchronizationbooleanyes Short-TermWhether there is group synchronization.
externalPermissionsbooleanyes Short-TermWhether permissions are managed externally.
idstringyes Short-TermThe unique id for the Organization.
ingestUrlstring  Short-TermThe ingest URL for the organization.
isActionAllowedmultipleyes Short-TermCheck if user has a permission in organization. The datatype consists of (action: OrganizationAction): boolean. For OrganizationAction, give the action to check if a user is allowed to perform on the organization. See OrganizationAction.
limits[limit]yes Short-TermLimits assigned to the organization. See limit.
limitsV2[LimitV2]yes Short-TermLimits assigned to the organization. See LimitV2.
namestringyes Short-TermThe name for the Organization.
publicUrlstring  Short-TermThe public URL for the organization.
readonlyDashboardIPFilterstring  Short-TermIP filter for readonly dashboard links.
searchDomains[searchDomain]yes Short-TermSearch domains within the organization. See searchDomain.
statsOrganizationStatsyes Short-TermStatistics of the organization. See OrganizationStats.
trialStartedAtlong  Short-TermDate organization's trial started.