API Tokens

Developers use Security Cloud Control API tokens when making Security Cloud Control REST API calls. The API token must be included in the REST API authorization header for a successful call. Although API tokens serve as "long-lived" access tokens and do not expire, they can be renewed or revoked.

To generate an API token in Security Cloud Control, you must first create an API Only User if one does not already exist. This user is specifically designated for API token generation and usage.

Once the API Only User is created, you can generate a new API token for that user. The token is visible only immediately after it is generated and remains visible as long as you stay on the General Settings page. If you navigate away and then return to the General Settings page, the token will no longer be displayed, although it is clear that a token has been issued.

Note	API Only Users can generate API tokens; individual users cannot create API tokens for themselves or others.