Multiple API Tokens with Permissions — Librato Blog

Multiple API Tokens with Permissions

Today we're introducing fine-grained support for creating and managing your API Tokens. This includes the ability to create and name multiple tokens, toggle them between an active and inactive state, and control their permissions:


On your account page, you should see a new key icon on the left that switches to the token management tab. New accounts start with a single token by default. You can add new tokens with the '+' button, and click on an existing token to edit it. You should give the tokens a descriptive name to help you keep track of the purpose of each, e.g. if you intend to use it for a particular collection agent or 3rd-party integration.

We've also enabled you to restrict the access of individual API Tokens by assigning them one of three specific roles. The initial account token will automatically have Full Access permissions. Record Only is intended for agents and other collectors that primarily only submit measurements, but also may also need limited read access to existing metrics. View Only is useful for integrating tools that only need read access to dashboard-related resources, such as instruments, metrics, and measurements. We've put together a knowledge base page that lists exactly what resources and actions are permitted by each role.

We'd love to hear more about how you use these tokens, any new roles that might be useful to you, or use-cases for additional permissions on the existing roles. Just send us an email or drop by our support chat to give us your feedback!