API Authentication Enterprise

All API requests require a personal access token (PAT). Tokens inherit the permissions of the user who created them. For example, a token created by an Analyst cannot modify Trapsters or settings.

Create a token

Create personal access tokens (PAT) from Settings > Personal Access Tokens. Tokens inherit the permissions of the user who created them.

| Topic | Behavior |
|---|---|
| Expiration | Choose 15 days, 30 days, 90 days, 1 year, 2 years, or Never at creation time |
| After expiry | Expired tokens are rejected; create a new token to replace them |
| Revocation | Only the token owner can revoke their own tokens. Administrators cannot revoke another user's tokens from the dashboard |
| Offboarding | Deleting a user from Settings > Users removes all of their tokens automatically. |
| Changing expiry | Expiration cannot be extended after creation; revoke and create a new token instead |

  1. Log in to your Trapster dashboard
  2. Open Settings > Personal Access Tokens
  3. Enter a name (for example, soar-integration or reporting-script)
  4. Choose an expiration: use a short expiry for scripts and integrations that do not need indefinite access
  5. Click Add

The full token is shown once. Copy it immediately and store it in a secrets manager or environment variable, because you cannot view it again after closing the dialog.

Verify it works:

```bash
curl https://<your-trapster-dashboard>/api/v1/ping \
  -H "Authorization: token <your-token>"
```

Replace <your-trapster-dashboard> with your dashboard URL and <your-token> with the token you created.

A successful response returns { "status": "ok" }. An invalid or expired token returns { "error": "Unauthorized" }.

Revoke a token

  1. Open Settings > Personal Access Tokens
  2. Click the delete button next to the token

Revoked tokens stop working immediately. Any integration using that token will receive 401 Unauthorized responses.

When someone leaves your organization, delete their account from Settings > Users. That removes all of their personal access tokens automatically.

Token security

Store tokens in environment variables or a secrets manager, never in source code or version control. Do not share tokens: each token carries your full user-level permissions, so sharing one gives another person or system your access level within your namespaces.
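
The following is an added example, not part of the Trapster documentation: a startup check for an integration that reads the token from the environment and calls the ping endpoint described above before doing any work. The variable names `TRAPSTER_URL` and `TRAPSTER_TOKEN` are hypothetical, and the script assumes invalid and expired tokens return HTTP 401 like revoked ones.

```python
import json
import os
import sys
import urllib.error
import urllib.request


def check_token(base_url, token, opener=urllib.request.urlopen):
    """Ping the API and return 'ok', 'unauthorized' or 'error'."""
    # Refuse plain HTTP so the token is never sent unencrypted.
    if not base_url.lower().startswith("https://"):
        raise ValueError("dashboard URL must use https://")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/ping",
        headers={"Authorization": "token " + token},
    )
    try:
        with opener(req, timeout=10) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        # The page documents 401 for revoked tokens; assumed here to apply
        # to invalid and expired tokens as well.
        return "unauthorized" if exc.code == 401 else "error"
    except (OSError, ValueError):
        return "error"  # network failure or a non-JSON body
    if not isinstance(body, dict):
        return "error"
    if body.get("error") == "Unauthorized":
        return "unauthorized"
    return "ok" if body.get("status") == "ok" else "error"


def main():
    # TRAPSTER_URL and TRAPSTER_TOKEN are hypothetical variable names,
    # injected by a secrets manager or the CI system at run time.
    url = os.environ.get("TRAPSTER_URL")
    token = os.environ.get("TRAPSTER_TOKEN")
    if not url or not token:
        print("TRAPSTER_URL and TRAPSTER_TOKEN must be set", file=sys.stderr)
        return 2
    result = check_token(url, token)
    # Report only the outcome; the token itself is never printed or logged.
    print("token check:", result)
    return 0 if result == "ok" else 1


if __name__ == "__main__":
    sys.exit(main())
```

An exit status of 1 with `unauthorized` means the token was revoked, has expired, or is invalid, and a new token has to be created and stored in its place.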

Full API reference

The complete endpoint reference is available at /api/docs in your dashboard. See API Reference Overview.