Working with the ShiftLeft API's tokens endpoints
This article walks you through using the token-related endpoints available via the ShiftLeft API.
We offer a Postman Collection that includes these endpoints; the relevant section of the Collection is called Tokens. We suggest creating an environment to store frequently used variables (including your ShiftLeft access token and org ID values).
Before proceeding, you should have…
Your access token and org ID values (both are available in the ShiftLeft Dashboard).
Authentication
The ShiftLeft API uses bearer authentication, which means that you must pass in a bearer token before you make calls to any of the endpoints. More specifically, you must provide your ShiftLeft access token in the HTTP Authorization request header before proceeding.
Get organization roles
Return a list of roles an org has available to use (includes only the roles that ShiftLeft manages).
Sample response:
Get tokens
Return a list of tokens issued by the org. The token data returned includes metadata that identifies a token, included permissions, and an ID you can use to delete/revoke the token. The token data does NOT return the token value, which is exposed only when ShiftLeft issues the token.
Sample response:
Create token
Create a new token for use with the API. The token can be assigned a role using the role_id parameter in the request body. Obtain the role_id using the GET organization role endpoint.
Sample response:
Delete token
Delete an access token using its identifier.
Sample response:
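Putting the four calls above together, as an added example that is not part of the original article or ShiftLeft's own code: it builds (without sending) each request with the access token in the Authorization header and role_id in the create body. The base URL, both route templates, the POST and DELETE verbs and the environment variable names are assumptions or placeholders; take the real routes from the Tokens section of the Postman Collection.

```python
import json
import os
import urllib.parse
import urllib.request

# Placeholders: the article does not list the routes, so these are NOT
# ShiftLeft's documented paths. Replace them before sending anything.
BASE_URL = "https://api.example.invalid"
ROLES_PATH = "/orgs/{org_id}/PLACEHOLDER-roles"
TOKENS_PATH = "/orgs/{org_id}/PLACEHOLDER-tokens"


def build_request(method, path, access_token, org_id, body=None, suffix=""):
    """Build a request that carries the token only in the Authorization header."""
    url = BASE_URL + path.format(org_id=urllib.parse.quote(org_id, safe="")) + suffix
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", "Bearer " + access_token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def get_roles(access_token, org_id):
    return build_request("GET", ROLES_PATH, access_token, org_id)


def get_tokens(access_token, org_id):
    return build_request("GET", TOKENS_PATH, access_token, org_id)


def create_token(access_token, org_id, role_id):
    # role_id in the request body is from the article; POST is an assumption.
    return build_request("POST", TOKENS_PATH, access_token, org_id, body={"role_id": role_id})


def delete_token(access_token, org_id, token_id):
    # DELETE is an assumption. The ID is percent-encoded so it stays one path segment.
    suffix = "/" + urllib.parse.quote(token_id, safe="")
    return build_request("DELETE", TOKENS_PATH, access_token, org_id, suffix=suffix)


def describe(req):
    """Log-safe summary: method and URL only, never the Authorization header."""
    return f"{req.get_method()} {req.full_url}"


if __name__ == "__main__":
    tok = os.environ.get("SHIFTLEFT_ACCESS_TOKEN", "constructed-token")  # assumed name
    org = os.environ.get("SHIFTLEFT_ORG_ID", "constructed-org")  # assumed name
    print(describe(create_token(tok, org, "constructed-role-id")))
```

Because the token value is returned only when the token is issued, store it in a secrets manager at creation time and keep only the ID for later revocation.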