Creating service and CI tokens
This article walks you through using a service account token (or service token) to call the /tokens endpoint available via the ShiftLeft API to create CI tokens.
We offer a Postman Collection that includes these endpoints; the relevant section of the Collection is called Tokens, and the specific example is called Create token using service account. We suggest creating an environment to store frequently used variables (including your ShiftLeft access token and org ID values).
Before proceeding, you should have…
Your integration token (with the role of Service Account) and org ID value:

Authentication
The ShiftLeft API uses bearer authentication, which means that you must pass in a bearer token with every call you make to any of the endpoints. For the calls in this article, provide your ShiftLeft token (an integration token with the Service Account role assigned) in the HTTP Authorization request header.
Create the CI token using the service account
Return a list of roles an org has available to use (includes only the roles managed by ShiftLeft). Note that the integration (access) token used for this call is the one assigned the service account role.
Note: you must use the role_ID and token_type values as shown; service account tokens can only be used to create CI tokens.
Sample response:
To view your newly created token, use the list tokens endpoint: