The Bitsight API can be authenticated using the following types of tokens:
See API Token Management for guidance on managing these tokens.
Client/Vendor Access Program Token
The registration token generated in the Client Requested Access to Bitsight Token section is for Cyber Insurers to set up registration for policyholders to sign up for the Client/Vendor Access Program.
Company API Token
Use company API tokens to prevent existing integrations from breaking if certain user accounts are deleted.
Example: An admin might generate a token for their Archer integration. If that admin leaves the company, the token can either continue to be used or it can be revoked by another admin.
- Company API tokens are not user-specific.
- Company API tokens have admin privileges.
- Companies can generate multiple Company API Tokens, and they remain valid unless an admin opts to delete them.
Previously Generated Company API Tokens
Field | Description |
---|---|
Date | The date when the token was generated. |
Generated by | The user who generated the token. |
Token ending in | The last 4 characters of the token. For security purposes, the company API token is displayed only once, when it is generated. |
Access Control Group | The Access Control Group. This is inherited from the user who generated the token. |
Role | The role of the user who generated the token. |
Description | A description of the token. |
User API Token
User API token permissions are user-based. Each user can set up a per-user API token. One token can be generated for each user.
- September 3, 2024: Clarified that companies may have more than one Company API token.
- August 19, 2024: Published.