Observe API Tokens

Note

The Observe Authtokens UI is currently in private preview, please work with your Observe team to enable this feature flag.

Observe has three primary types of tokens that are used to authenticate users and systems to Observe.

  1. User Session Tokens - User session tokens are created on successful login to Observe. There are two subtypes of session tokens; Login, which is generated when you log in to Observe via username and password, and SSO, which is generated when you log in to Observe via a SAML IDP. User session tokens are bound to a specific user.

  2. API Tokens - API tokens can be created from code via the flows documented in Observe API Authentication. API tokens are used to interact with Observe’s REST APIs and are bound to a specific user.

  3. Datastream Tokens - Datastream tokens are used to authenticate systems and applications that need to ship data to Observe via Observe’s ingestion endpoints. Datastream tokens are bound to a specific datastream.

Managing Observe Tokens in the UI

Observe has a token management UI available to all admins under the Account Settings > Authtokens menu. The Authtokens UI is predominantly for minting API Tokens, but can also be used to manage Datastream tokens and User Session Tokens. All tokens have the following properties that you can sort and filter by:

  • Id : the unique ID of the token

  • Name : the human readable name of the token

  • Kind : Datastream, API, Login, SSO (SSO & Login are “session tokens”)

  • Status : Enabled or Disabled

  • Expiration : Datetime value for when the token expires (if ever)

  • Created By : Name of the user who created it

  • Created Date : Datetime of when the token was created

  • Updated By : Name of the user who updated it last

  • Updated Date : Datetime of when the token was updated

  • Description : Description provided when token was created

Creating a new API token

The Authtokens page supports the ability to create a new API token directly via the UI. To create an API token, click the Create API Token button. You will be presented with a modal that allows you to configure the following:

  • User : Will bind the token to the user of your choice - this is the first input box

  • Name : Friendly name of the authtoken, this will appear in the Name column after creation

  • Description : Provide an optional description of what the token is for

  • Expiration : You may set the token to expire at a future date. You can also set to “Never expires”

  • Extension : How long to extend the validity of an API token after each successful use. This only applies tokens with an expiration. You can set to “Never extends”

Enable, Disable & Delete

From the Authtokens UI, you can disable, enable and delete both Session and API tokens. Note that you must first disable a token before deleting it. Datastream tokens can only be deleted on the Datastream’s page, but can be disabled via the Authtokens UI.