Authentication tokens

Overview

In the Administration → Credentials → Tokens area, you can manage the existing tokens in your domain or generate new ones. You can create tokens to authorize requests to our Devo APIs or to send data using an HTTP endpoint.

Create a new token

Click the New token button at the top right of this area to generate a new token. Fill the fields in the window that appears:

1. Enter a Name for the new token and assign it to yourself or to another user in your domain in the Authorized user field. Only that user will be able to use the token.

   Note that the selected user must have permission to access the data tables specified in the field below.

2. Use the Target table/s field to limit the tables in which the token will be used. Choose the required option(s) from the dropdown menu or enter the required tables manually and press ENTER to add them.

   If you enter the target tables manually, you can use wildcards as needed to reference a family of tables. The following table describes how to use wildcard symbols to specify the required target tables:
   

   Wildcard	Description	Example	Matches
   ?	Matches a single character where the wildcard is placed.	siem.logtrust.web.inf?	siem.logtrust.web.info
   		firewall.fortinet.even?.user	firewall.fortinet.event.user
   *	Matches zero or more characters in only one tag element.	siem.logtrust.alert.*	siem.logtrust.alert.info siem.logtrust.alert.error
   		web.a*.error	web.apache.error
   **	Matches zero or more characters in one or more tag elements.	web.aws.**	web.aws.elb.access
   		firewal.fortinet.**	firewal.fortinet.event.user firewal.fortinet.event.vpn firewall.fortinet.traffic.forward firewall.fortinet.traffic.local

3. Select one of the allowed actions for the new token in the Type area:

   HTTP ingestion	Create a token to send data using HTTP. See the HTTP endpoint article for more information.
   Query API (Query data and manage my jobs)	With this kind of token, you can use the Query API to start, stop and remove your own jobs or any matching the target tables. Learn more about using the Query API here.
   Query API (Query data and manage all domain jobs)	This is the same as the option above but allows you to start, stop, or remove any job within your domain. Learn more about using the Query API here.
   Alert API (Create and manage alerts using the API)	With this token, you can use the Alerting API to define new alerts and manage them. Learn more about using the Alerting API here.

4. Optionally, check the Expiration date field if you want to enter an expiration date for the new token. Choose the required date in the calendar.

5. Click Apply to create the token. 

The token will now appear in the table of this area. To copy the generated token to your clipboard, click its name in the table and copy it from the window that appears.

Manage tokens

All the tokens generated in the domain will appear in the table of this area. Click the ellipsis button that appears at the end of a token in the table to access the following actions:

Filter tokens

You can use the options at the top of the table to filter the list of tokens as required according to different parameters:

• Use the time buttons to display only tokens created during the last hour, day, etc. By default, the selected option is All.
• Filter tokens by status. The available options are All (default), Disabled and Enabled.
• Filter tokens by specific characteristics. Open the dropdown menu next to the search box to select the required parameter (Tags, Type, Name, Owner, Scope, Token and Authorized User) and enter the value to filter by in the search box. Note that you must enter complete values, and not part of them.

You can also filter tokens directly in the table by clicking a specific token type, authorized user, owner, or tag.