Docs » Create and manage access tokens » Create and manage organization access tokens

Create and manage organization access tokens 🔗

Access tokens, also known as org tokens, are long-lived organization-level tokens. By default, these tokens persist for five years so that you can use them in API calls that continually send data points to Infrastructure Monitoring. You can also use them in any continually-running scripts that call the API.

You can also use access tokens to track usage for different groups of users. This feature helps you track and manage your resource usage. For example, if you have users in the U.S. and Canada sending data to Infrastructure Monitoring gives each group its specific access token. You can then compare the amount of data coming from each country.

You can’t use access tokens for API requests that are associated with an administrator. See Create and manage API access tokens for more information.

Note

All access tokens are available to any user in your organization, so you can’t restrict access to specific tokens. Instead, use your company’s security and management procedures to let users know which token you want them to use.

The default access token 🔗

By default, every organization has one organization-level access token. If you don’t create any additional tokens, every API request that sends data to Infrastructure Monitoring must use this access token.

Manage access tokens 🔗

To manage your access (org) tokens:

  1. Open the Settings menu.

  2. Hover over Organization Settings, then select Access Tokens.

  3. To find an access token in a large list, start entering its name in the search box. Infrastructure Monitoring returns matching results.

  4. To look at the details for an access token, click the expand icon to the left of the token name.

    For information about the access token permissions enabled by the Authorization Scopes field value, see the permissions step in Create an access token.

  5. If you’re an organization administrator, the Actions menu appears on the right side of the token listing. You can select token actions from this menu.

View and copy access tokens 🔗

To view the value of an access token, click the token name and then click Show Token.

To copy the token value, click Copy. You don’t need to be an administrator to view or copy an access token.

Create an access token 🔗

Note

To perform the following tasks, you must be an organization administrator.

To create an access token:

  1. Open the Observability Cloud main menu.

  2. Hover over Organization Settings and select Access Tokens.

  3. Click New Token. If your organization has a long list of access tokens, you might need to scroll down to the bottom of the list to access this button.

  4. Provide a unique token name. If you enter a token name that is already in use, even if the token is disabled, Infrastructure Monitoring won’t accept the name.

  5. Select the permissions you want to set for the token. Use the principle of “least privilege”. Select options that create a token with the most restrictive permissions needed for the operations that use the token. Select from the following values:

    • RUM Token: Select this option to use the token to authentication with RUM ingestion endpoints that use the following base URL: https://rum-ingest.<REALM>.signalfx.com/v1/rum

      Caution

      RUM functionality displays the RUM token in URIs that are visible in a browser. For this reason, we preserve security by not allowing you to assign the Ingest Token or API Token permission to a RUM token.

    • Ingest Token: Select this option to use the token to authenticate with ingestion-related endpoints only. Here are the endpoints that accept an Ingest Token as authentication:

      • POST https://ingest.<REALM>.signalfx.com/v2/datapoint

      • POST https://ingest.<REALM>.signalfx.com/v2/event

      • POST https://ingest.<REALM>.signalfx.com/v1/trace

      For information about these endpoints, see Send Monitoring Metrics and Custom Events

    • API Token: Select this option to use the token to authenticate with Infrastructure Monitoring endpoints that don’t do ingestion. These endpoints have base URLs with the formats https://api.<REALM>.signalfx.com and wss://stream.<REALM>.signalfx.com.

      For information about these endpoints, see Summary of Splunk Infrastructure Monitoring API Endpoints

  6. Click OK.

Rename an access token 🔗

To rename a token:

  1. Select Rename Token from the token’s Actions menu.

  2. Enter a new name for the token.

  3. Click OK.

Renaming a token does not affect the value of the token.

Disable or enable an access token 🔗

Note

You can’t delete tokens; you can only disable them.

To disable a token, select Disable from the token’s Actions menu. The line that displays the token has a shaded background, which indicates that the token is disabled. The UI displays disabled tokens at the end of the tokens list, after the enabled tokens.

To re-enable a disabled token, select Enable from the disabled token’s Actions menu. The line that displays the token has a light background, which indicates that the token is enabled.