API Token Management Ingrid An API token identifies and authenticates API requests. Authentication occurs via HTTP basic authentication. All API requests must be made over HTTPS and calls made over HTTP will fail. Authentication occurs via HTTP basic authentication. All API requests must be made over HTTPS and calls made over HTTP will fail. Generating a Token Fetching a Token Instructions cURL API Software Python Generating a Token Determine the token type to generate and then go to the User Preferences page [ Settings ➔ Account ➔ User Preferences] to generate the token. Generating a User API Token In the User API Token section of the User Preferences page, select Generate New Token. Generate new user tokens as necessary if you think your token may have been compromised. Generating a new user token replaces and invalidates the previous token. Generating a Company API Token Only admin and VRM admin can generate company API tokens. See user permissions. In the Company API Token section of the User Preferences page, enter a description into the New Token field stating the purpose for the token. Select Generate. Copy the generated token and keep it in a secure place. The company API token is displayed only once for security purposes. Fetching a Token Once generated, your token is displayed in the User Preferences page. Depending on the endpoint, visit the api_token link in the cURL example request to open the relevant application and quickly copy your token. Instructions Token Placement in cURL The api_token text in the example requests across the Bitsight API documentation represent where to place the token using the cURL method. The -u option takes a parameter in the form of username:password. The colon (:) after the API token is required. The colon with nothing following it lets cURL know the password is blank/empty. A password in this case is unnecessary since it both identifies and authorizes the request. curl https://api.bitsighttech.com/ratings/v… -u api_token: Inserted token: curl https://api.bitsighttech.com/ratings/v… -u abc123abc123abc123abc123abc123abcexample: Token Placement in API Software If you’re using API software (such as Postman or your browser) to develop and test your integrations, use the token as the username and leave the password blank. Token Placement for Python If you’re using the Python request library, use the API token as the username in the auth parameter and set the password to an empty string. In the following example, enter your API token into the api_token text. The empty apostrophes ('') normally contain the password. import requests response = requests.get('api_endpoint', auth=(api_token, '')) September 4, 2024: Use instructions for methods other than cURL. August 19, 2024: Expanded on generating token instructions; Token generation permissions; Incorporated VRM admin permissions. July 31, 2024: cURL method instructions and example. Related articles API Documentation Overview Endpoints Pagination Errors and Status Codes Bitsight for Third-party Risk Management by ServiceNow Integration Guide Feedback 0 comments Please sign in to leave a comment.