Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

API Token Management

Avatar
Ingrid
Follow
  • November 12, 2021: Added navigational instructions for the Continuous Monitoring application.
  • April 20, 2021: Updated navigational instructions for the SPM application.

Use the Bitsight API to integrate Bitsight Security Ratings data with your organization's risk management platform(s), GRC solutions, or other custom software solutions. Authentication is token-based; your login credentials to the Bitsight Security Ratings Platform will not work.

Navigation Options

Go to SettingsAccountUser Preferences.

Notes:

  • Your API token should be treated as a password.
  • Anyone with a token will have information about all companies in your portfolio. If you think your token may have been compromised, you can always generate a new one from the same page, which will invalidate the previous one.
  • Authentication occurs via HTTP basic authentication. Use your API token as the basic authentication username, with no password.
  • All API requests must be made over HTTPS. Calls made over HTTP will fail.
  • You must authenticate for all requests.

Token Types

User API Tokens

Each user can set up a “per-user API token.” One token can be generated for each user.

Company API Tokens

Company API tokens are not user-specific. They can be used without breaking existing integrations if certain user accounts are deleted. For example, one Admin (Customer Admin) might generate a token for their Archer integration. If that Admin leaves the company, the token can either continue to be used or it can be revoked by another Admin.

If using a company API token for the /alerts API endpoint, the default alert setting are used instead of your own user-specific alert settings, which may return varying query results.

Related articles