Use this guidance to create an API token, which enables you to access SecurityScorecard's APIs and integrations with other products. API is not available to Free accounts, see the plans.
Note: When providing the token in the authorization header for an API request, make sure to precede the token itself with the word Token, as in the following screenshot example:
Create a token for your user account
- In SecurityScorecard, click your profile avatar and select My Settings.
- Select the API tab in the left settings pane and then click Generate New API Token.
- Click Confirm to generate the token.
- Copy the token and store it securely.
Note: API Keys do not expire on their own. One can create a new token any time, but doing so invalidates a previously created token. The user will need to replace the older API key with the new one for their integrations to work with SSC.
Create a bot (service account) user with an API token
You can create a bot user, to prevent a scenario where human users attempt to refresh an expired API token, causing your integration or API access to stop working. A bot user does not expire.
We also refer to a bot user as a service account since it is not associated with any individual person.
Note: If you do not have administrative permissions in SecurityScorecard, ask an administrator to create the user and API token for you.
- In SecurityScorecard, click your profile avatar and select My Settings.
- On the People Management tab under Admin Settings, click Invite People.
- Make the new user a bot so that it will not expire. This prevents a scenario where human users attempt to refresh an expired API token, causing the integration to stop working.
- Name the bot user and select the desired Access Level (here Read Only if the purpose is only to retrieve/get data from the platform). Then click Add User.
- Click Create API token for the new bot user.
- Click Confirm.
- Copy the API token and click Done. Store the token securely.
Comments
0 comments
Please sign in to leave a comment.