Adding a Bearer Token
Last updated on 14 August, 2024
Important: Bearer tokens are available only to users who have enabled Traces (LM APM license).
Users are required to authenticate themselves with a bearer token before making LogicMonitor REST API v3 requests. A bearer token is a string of alphanumeric characters that LogicMonitor generates automatically. Currently, you can use a bearer token to authenticate LogicMonitor REST API v3 requests only.
You do not have to buy a special license to get a bearer token. As a LogicMonitor customer, when you buy a license for a device, such as a cloud device, a physical device, or a device of any other type, you are eligible to get a bearer token. Also, you do not need a specific role to get the token. It is unique for each user.
Unlike an LMv1 token, which needs a combination of the current date and time to authenticate, a bearer token does not depend on date and time for authentication. It does not expire or generate a random code that you have to use for authentication. Once you get the bearer token, you have to add it to the API requests just once. Afterward, LogicMonitor REST API code reuses the token without you having to enter it every time. As a developer using the LogicMonitor REST API, you do not need to develop an authentication header or write commands to authenticate yourself. Thus, a bearer token saves both time and development effort.
High Security Standards of Bearer Token
The bearer token has been designed and developed to ensure customer data security. The following points describe the security strengths of the bearer token:
- The bearer token is fully visible in LogicMonitor only at the time of its generation. That is the only chance to copy it to a secure location. From then on, the token is partially masked.
- The token is unique for each user and is therefore non-transferable. Nobody can misuse it, because it is partially masked and authentication fails for anyone other than the rightful owner.
- The bearer token is system-generated and hence cannot be edited.
Prerequisite
You must have the Allow Creation of API Tokens permission to access the API Tokens tab and to generate a bearer token.
Adding a Bearer Token
Bearer tokens provide an authentication mechanism for API calls to the LM Platform. You can create a bearer token by following these steps:
- In LogicMonitor, navigate to Settings > User Access > Users and Roles > Bearer Token tab.
- Select the Add Bearer Token + icon. The Add Bearer Token page appears.
- In the User field, select the user to add the bearer token for. The user's role must have the DataIngestion permission.
After you select a user, the bearer token is automatically populated in the Token field.
Note: An email notification is sent to the email associated with this user if changes are made to the bearer token after saving.
- (Optional) Select the Copy button against the Token.
Recommendation: Copy the bearer token and save it to a secure location.
- (Optional) In the Note field, enter a relevant note.
- Select Save.
The new Bearer token is created and displayed in the table and an email notification is sent to the email associated with the user.
Viewing Bearer Tokens
Navigate to Settings > Users and Roles > Bearer Tokens tab to view all bearer tokens across account users. For each token, you can see the associated user, bearer token, roles, note, created on date, last used date, last used IP address to access LogicMonitor, and the enabled/disabled status.
Managing Bearer Token
You can manage your bearer token in a few quick steps. In this section, you will learn to delete, enable, and disable your token.
Deleting Bearer Token
You must consider the following points before deleting your token:
- Once a bearer token is deleted, it cannot be retrieved.
- All the existing API requests where you have provided the bearer token will fail after the token is deleted.
However, if you delete your existing bearer token, you can generate a new token and resume authenticating LogicMonitor REST API requests.
Follow these steps to delete your bearer token:
- Navigate to Settings > Users and Roles > Bearer tab. A list of bearer tokens is displayed.
- Search for your bearer token.
- Select Delete corresponding to your bearer token. A message confirming deletion is displayed.
- Select Ok.
Enabling and Disabling Bearer Token
On the Bearer token table, the Enable check box for each bearer token indicates whether the token is enabled. As needed, you can disable and then re-enable your bearer token.
- Enabling bearer token – You can authenticate API requests only if the bearer token is enabled. Once a bearer token is generated, by default, it is enabled.
- Disabling bearer token – Clear the Enable check box for your bearer token. All the existing API requests where you have provided the bearer token will fail after the token is disabled.
- Re-enabling bearer token – Select the Enable check box for your bearer token to re-enable.
- Viewing only enabled bearer tokens – From the Add Filter, select All. Then, from the Show filter, select the Enabled check box to view enabled bearer tokens. If you clear the check box, you can view both enabled and disabled bearer tokens.
Using Bearer Token on the User Interface
You can use a bearer token to authenticate yourself while making API requests. Paste the bearer token carefully into the Token field, without adding blank spaces or extra characters.
Authenticating LogicMonitor v3 SDK Files
You must authenticate yourself before using the Go and Python v3 SDK files. You can use either an LMv1Auth or a Bearer token to authenticate.
Authenticating Go SDK using Bearer Token
The supported method in config is SetBearerToken(). By default, the bearer token is set to nil. You have to enter your bearer token to authenticate.
Example:
bearerToken := "BEARER_TOKEN_VALUE"
config.SetBearerToken(&bearerToken)
Authenticating Python SDK using Bearer Token
To authenticate yourself using Bearer token, enter the following details:
configuration.auth_type = 'Bearer'
configuration.bearer_token = 'BEARER_TOKEN_VALUE'
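Because the token does not expire and must be pasted without blank spaces or extra characters, it is safer to load it from the environment and validate it than to hard-code it as in the placeholders above. The following is an added example, not code from LogicMonitor or its SDKs; the variable name LM_BEARER_TOKEN, the `Authorization: Bearer` header form and the placeholder URL are assumptions.

```python
import os
import urllib.request

# Assumptions (not from the page): the environment variable name, the
# portal URL, and the "Authorization: Bearer <token>" header form.
TOKEN_ENV = "LM_BEARER_TOKEN"


def load_bearer_token(env=os.environ):
    """Return the token from the environment, rejecting copy-paste debris."""
    token = env.get(TOKEN_ENV)
    if not token:
        raise ValueError(f"{TOKEN_ENV} is not set")
    # The token must be used exactly as generated: no blanks, newlines
    # or control characters picked up while copying it.
    if any(c.isspace() or not c.isprintable() for c in token):
        raise ValueError("token contains whitespace or control characters")
    if token[0] in "'\"" or token[-1] in "'\"":
        raise ValueError("token is wrapped in quotes")
    return token


def mask(token, visible=4):
    """Partially mask a token before it reaches a log line."""
    if len(token) <= visible:
        return "*" * len(token)
    return token[:visible] + "*" * (len(token) - visible)


def build_request(url, token):
    """Build (but do not send) a GET request carrying the bearer token."""
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    return req


if __name__ == "__main__":
    # Constructed sample value, not a real token; placeholder portal URL.
    sample_env = {TOKEN_ENV: "EXAMPLE0123456789abcdef"}
    tok = load_bearer_token(sample_env)
    req = build_request("https://portal.example.invalid/santaba/rest/device/devices", tok)
    print("using token", mask(tok), "for", req.full_url)
```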
Disabling Unused Bearer Tokens
As a mitigation against risks related to the disclosure of previously generated and unused bearer tokens, LogicMonitor has introduced a feature to auto-disable unused tokens after a set number of days of inactivity. An admin user with the Manage Security permission can set the number of inactive days after which an unused token is auto-disabled. For more information on how to disable tokens, see Configuring the Security Settings.
When an unused token is disabled, LogicMonitor sends an email alert to the owner of the bearer token about the disabled token and the reason for disabling it. A log of disabled tokens is maintained on the Audit Logs page. Details of the disabled tokens are also available in the bearer token table. To access the details, navigate to Settings > User Access > Users and Roles and open the Bearer Tokens tab. The details of a disabled token are greyed out and cannot be edited.
An admin user with the Allow Creation of API Tokens permission can activate the disabled token. To do so, under the Enable column, select the checkbox for the bearer token that you want to activate.
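The same review can be done by hand on the fields the Bearer Tokens table shows (created on date, last used date, last used IP address, enabled status). The following is an added example, not a LogicMonitor tool; the CSV layout, the sample rows and the trusted network are constructed, and ageing a never-used token from its creation date is an assumption.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample export; column names and values are hypothetical.
SAMPLE = """user,created_on,last_used,last_used_ip,enabled
ingest-svc,2024-01-10,2024-08-10,10.20.0.15,true
old-script,2023-11-02,2024-02-01,10.20.0.40,true
never-used,2024-03-05,,,true
ci-runner,2024-06-01,2024-08-12,203.0.113.7,true
retired,2023-05-01,2023-06-01,10.20.0.9,false
"""


def review_tokens(text, now, max_inactive_days, trusted_nets):
    """Return {user: [findings]} for enabled tokens that need attention."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    cutoff = now - timedelta(days=max_inactive_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["enabled"].lower() != "true":
            continue  # already disabled, so it cannot authenticate
        issues = []
        # A never-used token is aged from its creation date (assumption).
        last_seen = row["last_used"] or row["created_on"]
        if datetime.strptime(last_seen, "%Y-%m-%d") < cutoff:
            issues.append("inactive" if row["last_used"] else "never used")
        ip = row["last_used_ip"]
        if ip and not any(ipaddress.ip_address(ip) in n for n in nets):
            issues.append("used from untrusted IP " + ip)
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    report = review_tokens(SAMPLE, datetime(2024, 8, 14), 90, ["10.20.0.0/16"])
    for user, issues in report.items():
        print(user, "->", "; ".join(issues))
```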