Creating service and CI tokens
This article walks you through using a service account token (or service token) to call the /tokens endpoint available via the Qwiet API to create CI tokens.
We offer a Postman Collection that includes these endpoints; the relevant section of the Collection is called Tokens, and the specific example is called Create token using service account. We suggest creating an environment to store frequently used variables (including your Qwiet access token and org ID values).
Before proceeding, you should have…
Your integration token (with the role of Service Account) and org ID value:
Authentication
The Qwiet API uses bearer authentication, which means that you must pass in a bearer token before you make calls to any of the endpoints. More specifically, you must provide your Qwiet token (specifically, an integration token with the Service Account role assigned) in the HTTP Authorization request header before proceeding.
Create the CI token using the service account
Return a list of roles an org has available to use (includes only the roles managed by Qwiet). Note that the integration (access) token used for this call is the one assigned the service account role.
curl --location 'https://app.shiftleft.io/api/v4/orgs/{orgID}/tokens' \
--header 'Authorization: Bearer {accessToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"label": "tokenName",
"description": "A CI token created by a service account",
"role_id": "66ad5168-41be-4b6c-9ac5-a30b02229c35",
"token_type": "access"
}'
Note: you must use the role_id and token_type values as shown; service account tokens can only be used to create CI tokens.
Sample response:
{
"ok": true,
"response": {
"id": "967...546",
"label": "tokenName",
"description": "A CI token created by a service account",
"value": "eyJh...zMQ"
}
}
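The same request and response handling in Python, added here as an example and not Qwiet's own code: it builds the call shown above, accepts only an "ok": true response, and gives a log-safe form of the returned token value. The function names and the QWIET_SERVICE_TOKEN environment variable are assumptions made for this example.

```python
import json
import os
import urllib.request

API_BASE = "https://app.shiftleft.io/api/v4"
# role_id and token_type exactly as given in the request body above
CI_ROLE_ID = "66ad5168-41be-4b6c-9ac5-a30b02229c35"
TOKEN_TYPE = "access"


def build_create_request(org_id, service_token, label, description):
    """Build the POST /orgs/{orgID}/tokens request; nothing is sent here."""
    body = {"label": label, "description": description,
            "role_id": CI_ROLE_ID, "token_type": TOKEN_TYPE}
    return urllib.request.Request(
        f"{API_BASE}/orgs/{org_id}/tokens",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {service_token}",
                 "Content-Type": "application/json"},
    )


def parse_create_response(raw):
    """Return (token_id, token_value); reject anything that is not ok:true."""
    doc = json.loads(raw)
    if doc.get("ok") is not True:
        # Do not include the body in the error: it may carry a secret.
        raise RuntimeError("token creation was not acknowledged with ok:true")
    resp = doc["response"]
    return resp["id"], resp["value"]


def redact(value):
    """Log-safe form of a token: a short prefix only, never the full value."""
    return value[:4] + "..." if len(value) > 8 else "***"


def create_ci_token(org_id, label, description):
    """Send the request; the env var name is an assumption of this example."""
    token = os.environ["QWIET_SERVICE_TOKEN"]
    req = build_create_request(org_id, token, label, description)
    with urllib.request.urlopen(req, timeout=30) as r:
        return parse_create_response(r.read())
```

Pass the returned value straight to your CI system's secret store, and use redact() for anything written to build logs.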
To view your newly created token, use the list tokens endpoint:
curl --location 'https://app.shiftleft.io/api/v4/orgs/{orgID}/tokens?show_expired=false' \
--header 'Authorization: Bearer {accessToken}'