Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

API Token Management

Ingrid

An API token identifies and authenticates API requests. Authentication occurs via HTTP basic authentication. All API requests must be made over HTTPS and calls made over HTTP will fail.

Authentication occurs via HTTP basic authentication. All API requests must be made over HTTPS and calls made over HTTP will fail.

Generating a Token

Determine the token type to generate and then go to the User Preferences page [ Settings ➔ Account ➔ User Preferences] to generate the token.

Generating a User API Token

In the User API Token section of the User Preferences page, select Generate New Token. Generate new user tokens as necessary if you think your token may have been compromised.

Generating a new user token replaces and invalidates the previous token.

Generating a Company API Token

Only admin and VRM admin can generate company API tokens. See user permissions.

  1. In the Company API Token section of the User Preferences page, enter a description into the New Token field stating the purpose for the token.
  2. Select Generate.
  3. Copy the generated token and keep it in a secure place.

The company API token is displayed only once for security purposes.

Fetching a Token

Once generated, your token is displayed in the User Preferences page. Depending on the endpoint, visit the api_token link in the cURL example request to open the relevant application and quickly copy your token.

Instructions

Token Placement in cURL

The api_token text in the example requests across the Bitsight API documentation represent where to place the token using the cURL method.

  • The -u option takes a parameter in the form of username:password.
  • The colon (:) after the API token is required. The colon with nothing following it lets cURL know the password is blank/empty.

    A password in this case is unnecessary since it both identifies and authorizes the request.

curl https://api.bitsighttech.com/ratings/v -u api_token:

Inserted token:

curl https://api.bitsighttech.com/ratings/v -u abc123abc123abc123abc123abc123abcexample:

Token Placement in API Software

If you’re using API software (such as Postman or your browser) to develop and test your integrations, use the token as the username and leave the password blank.

Token Placement for Python

If you’re using the Python request library, use the API token as the username in the auth parameter and set the password to an empty string.

In the following example, enter your API token into the api_token text. The empty apostrophes ('') normally contain the password.

import requests

response = requests.get('api_endpoint', auth=(api_token, ''))
  • September 4, 2024: Use instructions for methods other than cURL.
  • August 19, 2024: Expanded on generating token instructions; Token generation permissions; Incorporated VRM admin permissions.
  • July 31, 2024: cURL method instructions and example.

Related articles

Feedback

0 comments

Please sign in to leave a comment.