This article walks you through using the token-related endpoints available via the ShiftLeft API.
We offer a Postman Collection that includes these endpoints; the relevant section of the Collection is called Tokens. We suggest creating an environment to store frequently used variables (including your ShiftLeft access token and org ID values).
Before proceeding, you should have…
Your access token and org ID values (both are available in the ShiftLeft Dashboard).
The ShiftLeft API uses bearer authentication, which means that you must pass in a bearer token before you make calls to any of the endpoints. More specifically, you must provide your ShiftLeft access token in the HTTP Authorization request header before proceeding.
Get organization roles
Return a list of roles an org has available to use (includes only the roles that ShiftLeft manages).
Return a list of tokens issued by the org. The token data returned includes metadata that identifies a token, included permissions, and an ID you can use to delete/revoke the token. The token data does NOT return the token value, which is exposed only when ShiftLeft issues the token.
Create a new token for use with the API. The token can be assigned a role using the role_id parameter in the request body. Obtain the role_id using the Get organization roles endpoint.
Delete an access token using its identifier.