In this article:
Use this guidance to create an API token, which enables you to access SecurityScorecard's APIs and integrations with other products.
Note: When providing the token in the authorization header for an API request, make sure to precede the token itself with the word Token, as in the following screenshot example:
Create a token for your user account
- In SecurityScorecard, click your profile avatar and select My Settings.
- Select the API tab in the left settings pane and then click Generate New API Token.
- Click Confirm to generate the token.
- Copy the token and store it securely.
Note: API Keys do not expire on their own. One can create a new token any time, but doing so invalidates a previously created token. The user will need to replace the older API key with the new one for their integrations to work with SSC.
Create a bot (service account) user with an API token
You can create a bot user, to prevent a scenario where human users attempt to refresh an expired API token, causing your integration or API access to stop working. A bot user does not expire.
We also refer to a bot user as a service account since it is not associated with any individual person.
Note: If you do not have administrative permissions in SecurityScorecard, ask an administrator to create the user and API token for you.
- In SecurityScorecard, click your profile avatar and select My Settings.
- On the People Management tab under Admin Settings, click Invite People.
- Make the new user a bot so that it will not expire. This prevents a scenario where human users attempt to refresh an expired API token, causing the integration to stop working.
- Name the bot user and select the desired Access Level (here Read Only if the purpose is only to retrieve/get data from the platform). Then click Add User.
- Click Create API token for the new bot user.
- Click Confirm.
- Copy the API token and click Done. Store the token securely.