In this article:
Use this guidance to create an API token, which enables you to access SecurityScorecard's APIs and integrations with other products.
Note: When providing the token in the authorization header for an API request, make sure to precede the token itself with the word token, as in the following screenshot example:
Create a token for your user account
- In SecurityScorecard, click your profile avatar and select My Settings.
- Select the API tab in the left settings pane and then click Generate New API Token.
- Click Confirm to generate the token.
- Copy the token and store it securely.
Note: You can create a new token any time, but doing so invalidates a previously created token. You will need to replace the older token wherever you use it.
Create a bot (service account) user with an API token
You can create a bot user, to prevent a scenario where human users attempt to refresh an expired API token, causing your integration or API access to stop working. A bot user does not expire.
We also refer to a bot user as a service account since it is not associated with any individual person.
Note: If you do not have administrative permissions in SecurityScorecard, ask an administrator to create the user and API token for you.
- In SecurityScorecard, click your profile avatar and select My Settings.
- On the Users tab under Admin Settings, click Add User.
- Make the new user a bot so that it will not expire. This prevents a scenario where human users attempt to refresh an expired API token, causing the integration to stop working.
- Name the bot user and make sure it has read-only access. Then click Add.
- Click new token for the new bot user.
- Copy the API token and click Done. Store the token securely.