An API token identifies and authenticates API requests. Authentication occurs via HTTP basic authentication. All API requests must be made over HTTPS and calls made over HTTP will fail.
Authentication occurs via HTTP basic authentication. All API requests must be made over HTTPS and calls made over HTTP will fail.
Generating a Token
Generating a User API Token
In the User API Token section of the User Preferences page, select Generate New Token. Generate new user tokens as necessary if you think your token may have been compromised.
Generating a new user token replaces and invalidates the previous token.
Generating a Company API Token
- In the Company API Token section of the User Preferences page, enter a description into the New Token field stating the purpose for the token.
- Select Generate.
- Copy the generated token and keep it in a secure place.
The company API token is displayed only once for security purposes.
Fetching a Token
Once generated, your token is displayed in the User Preferences page. Depending on the endpoint, visit the api_token
link in the cURL example request to open the relevant application and quickly copy your token.
Instructions
Token Placement in cURL
The api_token
text in the example requests across the Bitsight API documentation represent where to place the token using the cURL method.
- The
-u
option takes a parameter in the form ofusername:password
. - The colon (
:
) after the API token is required. The colon with nothing following it lets cURL know the password is blank/empty.A password in this case is unnecessary since it both identifies and authorizes the request.
curl https://api.bitsighttech.com/ratings/v… -u api_token:
Inserted token:
curl https://api.bitsighttech.com/ratings/v… -u abc123abc123abc123abc123abc123abcexample:
Token Placement in API Software
If you’re using API software (such as Postman or your browser) to develop and test your integrations, use the token as the username and leave the password blank.
Token Placement for Python
If you’re using the Python request library, use the API token as the username in the auth
parameter and set the password to an empty string.
In the following example, enter your API token into the api_token
text. The empty apostrophes (''
) normally contain the password.
import requests response = requests.get('api_endpoint', auth=(api_token, ''))
- September 4, 2024: Use instructions for methods other than cURL.
- August 19, 2024: Expanded on generating token instructions; Token generation permissions; Incorporated VRM admin permissions.
- July 31, 2024: cURL method instructions and example.
Feedback
0 comments
Please sign in to leave a comment.