Docs » Administration » Managing Tokens

Managing Tokens

Overview

Tokens are used to authenticate and track various types of usage in SignalFx. As an administrator, you can provide instructions or guidance to your users regarding which token to use for different use cases.

SignalFx supports two types of tokens – user API access tokens and organization-level access tokens.

User API access tokens

User API access tokens (sometimes called session tokens) are created by an authentication request from a specific user on their profile page, and expire automatically after 30 days. Session tokens can be used to access most capabilities in the SignalFx API, but cannot be used to send ingest data (datapoints or custom events) to SignalFx; an access token is required for data ingest.

When a user uses a session token to create or update UI objects such as dashboards, charts, and detectors, you can see who created or most recently updated a particular object. For example, to see that information for a dashboard, select Dashboard Info from the dashboard’s Actions menu.

../_images/dashboard-info.png

If you want to track this information, tell your users to use their User API Access Token when working in the API. If their token expires, they can just generate another one on their profile page. If this information isn’t important to you, users can simply use an organization-level access token, described below, when using the API.

Access tokens

Access tokens (sometimes called org tokens) are long-lived organization-level tokens. By default, these tokens persist for 5 years, and thus are suitable for embedding into emitters that send data points over long periods of time, or for any long-running scripts that call the SignalFx API. This type of token can be used for any API call except those that invite or delete users; those APIs require a User API access token (see above) associated with an administrator.

Managing access tokens

To view and manage access tokens, open the Settings menu at far right on the navigation bar, hover over Organization Settings, and then select Access Tokens. The following illustration shows the Access Tokens pane as well as options available on a token’s Actions menu.

../_images/hb-tokens.png

About the default access token

By default, every organization has one access token. If you don’t create any additional tokens, everyone in your organization sending data to SignalFx will use this access token.

View and copy an access token

To view and copy the access token, click the token name and then click Show Token.

../_images/show-token.png

Create an access token

To create a token, click New Token on the Access Tokens pane. You’ll be asked to provide a name for the new token. Token names must be unique; if you enter a name that is already being used (even for a disabled token), it will not be accepted.

../_images/new-token.png

Rename an access token

To rename a token, select Rename Token from the token’s Actions menu. Renaming a token has no effect on the value of the token.

Disable and enable access tokens

To disable a token, select Disable from the token’s Actions menu. (You cannot delete tokens.)

Disabled tokens are shown at the bottom of the tokens list, below the enabled tokens. To re-enable a disabled token, select Enable from the disabled token’s Actions menu.

Note

If your subscription plan is based on the rate at which you are sending datapoints to SignalFx (DPM), see Track Organization DPM Usage with Access Tokens for information on using tokens to manage DPM.