Docs » Admin Guide » Track Organization DPM Usage with Access Tokens

Track Organization DPM Usage with Access Tokens

Admin users in your SignalFx organization can use tokens to manage and monitor SignalFx data ingest (DPM counts) across your organization.

About tokens

Tokens are used to authenticate and track various types of usage in SignalFx. As an administrator, you can provide instructions or guidance to your users regarding which token to use for different use cases.

SignalFx supports two types of tokens – organization-level access tokens and user API access tokens.

Access tokens

Access tokens (sometimes called org tokens) are long-lived organization-level tokens. By default, these tokens persist for 5 years, and thus are suitable for embedding into emitters that send data points over long periods of time, or for any long-running scripts that call the SignalFx API. This type of token can be used for any API call except those that invite or delete users; those APIs require a User API access token associated with an administrator.

User API access tokens

User API access tokens (sometimes called session tokens) can be thought of as a subset type of access token. These tokens are created by an authentication request from a specific user on their profile page, and expire automatically after 30 days. Session tokens can be used to access most capabilities in the SignalFx API, but cannot be used to send ingest data (datapoints or custom events) to SignalFx.

When a user uses a session token to create or update UI objects such as dashboards, charts, and detectors, you can see who created or most recently updated a particular object. For example, to see that information for a dashboard, select Dashboard -> Get Info from the dashboard’s actions menu.

../_images/token-info-in-ui.png

If you want to track this information, tell your users to use their User API Access Token when working in the API. If their token expires, they can just generate another one on their profile page.

If this information isn’t important to you, users can simply use an organization-level access token, described above, when using the API. You can use the information in the rest of this section to determine which access token you want each user to use.

Why use multiple access tokens?

Access tokens can track DPM for different groups of users, and can send alerts when DPM for a token reaches a specified level. This feature can help you track down what might be causing sudden spikes in DPM being sent to SignalFx.

For example, you may be looking at your usage report (available in the Billing and Usage tab) and notice a recent spike in DPM sent in. If different groups are using different access tokens, you can use the information on the Access Tokens tab to identify which group is sending in more data than normal. You can then follow up to determine if the usage is justified or if something has changed that is sending more data than necessary. Upon investigation, you might find that a metric that was formerly sent every minute is now being sent every second. An analysis will help you decide how often to send this metric, and correct your code if necessary.

Access tokens can also let you know when your DPM might be approaching a limit that you don’t want to exceed. For example, your account might be set up to send 50,000 DPM and, if you significantly exceed this value, you may be asked to upgrade your account (which would increase your monthly bill). By monitoring DPM values across all tokens, you can keep an eye on your DPM totals and trends, and thus note whether your data plan is on track to meet your ongoing requirements.

Note

All access tokens are available to any user in your organization. That is, you cannot restrict who has access to which tokens. Use standard administrative processes in place in your organization to let people know which token you want them to use.

Managing access tokens

To view and manage access tokens, click Admin on the global navigation bar, then click Access Tokens in the sidebar. The following illustration shows the Access Tokens tab as well as options available on a token’s actions menu.

../_images/tokens-tab-01.png

About the default access token

By default, every organization has one access token. If you don’t create any additional tokens, everyone in your organization sending data to SignalFx will use this access token.

Create an access token

To create a token, click New Token on the Access Tokens tab. You’ll be asked to provide a name for the new token. Token names must be unique; if you enter a name that is already being used (even for a disabled token), it will not be accepted.

../_images/new-token.png

To view and copy the access token, click the token name and then click Show Token.

../_images/show-token.png

Rename an access token

To rename a token, select Rename from the token’s actions menu. Renaming a token has no effect on the value of the token.

Disable and enable access tokens

To disable a token, select Disable from the token’s actions menu. (You cannot delete tokens.)

To view disabled tokens, click Show disabled tokens at the top of the tokens list. To re-enable a disabled token, select Enable from the disabled token’s actions menu.

Setting up alerts for use with access tokens

For each access token, you can create a detector to generate alerts and notifications when DPM usage reaches a specified value. To do so, select Manage Alert Threshold from the token’s actions menu.

Specify the value that will trigger the alert, and one or more notification recipients, then click Update. (Specifying recipients is optional but highly recommended.) The severity for token alerts is always Critical.

In the example below, we’re setting a threshold for the default token and sending a notification to a user in a Slack channel.

../_images/token-set-threshold.png

Monitoring DPM usage with access tokens

To view activity related to a token, click the token name to display information about the token. If the token is being used to send data to SignalFx, a chart will show values for how much data has been coming in for the past seven days. Data is displayed at one-hour resolution.

../_images/token-info-1.png

If you have specified an alert threshold, you can click View alert threshold in detector to see the detector in a standard detector view, which lets you view data in different selected time frames and also see if there are any active alerts for the detector.

../_images/token-detector.png

Close the detector to return to the Access Tokens tab.