
Token Based API Authentication

A token is a piece of data that has no meaning or use on its own but, combined with the correct tokenization system, becomes a vital player in securing your application. Token-based authentication works by ensuring that each request to a server is accompanied by a signed token, which the server verifies for authenticity before it responds to the request.

Loggly API authentication via API Tokens

To increase the security of your interactions with the Loggly API, we’ve implemented a token-based authentication system. You can also use the user/password based authentication as shown in the examples here.

Your API token is used to provide access to Loggly’s API for your user account. This functionality is currently available to all Loggly API users. Additional tokens are often useful to segment client authorization or to replace existing tokens in the event a token is compromised.

Please Note: This API token is separate from your Source Setup Customer Tokens, which are used for sending data to Loggly.

How to Create an API Token

1. Log in to your Loggly account and go to Account -> API tokens, or substitute your subdomain in the URL below to go to the API tokens page directly:

https://<subdomain>.loggly.com/account/users/api/tokens

2. Click on “Add New” and confirm this action by clicking on the “create” button.

This will create an API token as below:

You can create multiple tokens on this page as needed.

How to use the API Token

Use the token created in the above step to authenticate when communicating with the API by setting ‘bearer <token>’ as the value of the ‘Authorization’ header:

curl -v -H 'Authorization: bearer c1f1e7e4-61e7-4b19-83f4-a26dd61dca3c' 'https://<subdomain>.loggly.com/apiv2/events/iterate?q=*&from=-10m&until=now&size=10'

If the token is incorrect, you will get an HTTP 401 Unauthorized response. If the token is correct, you will get an HTTP 200 response and the event data that you requested.
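
The same request as a script, added here as an example (it is not Loggly's own code): the token is read from the environment and handed to curl as a config on stdin, so it does not appear in the process list or shell history, and the 401 and 200 outcomes described above are handled explicitly. The variable names LOGGLY_SUBDOMAIN and LOGGLY_API_TOKEN, the function names, and the character check on the token are assumptions.

```shell
#!/bin/sh
# Added example, not Loggly's code. Assumed names: LOGGLY_SUBDOMAIN,
# LOGGLY_API_TOKEN, and the three functions below.

# Print a curl config for the events query on this page. Feeding it to
# `curl --config -` keeps the token out of argv and the process list.
loggly_curl_config() {    # $1 = subdomain, $2 = API token
    # Assumption: both values are letters, digits and hyphens only (the sample
    # token on this page is UUID-shaped). Rejecting anything else stops quotes
    # or newlines from injecting extra curl options into the config.
    case "$1" in ''|*[!A-Za-z0-9-]*) echo "bad subdomain" >&2; return 2 ;; esac
    case "$2" in ''|*[!A-Za-z0-9-]*) echo "bad or missing token" >&2; return 2 ;; esac
    printf 'url = "https://%s.loggly.com/apiv2/events/iterate?q=*&from=-10m&until=now&size=10"\n' "$1"
    printf 'header = "Authorization: bearer %s"\n' "$2"
}

# Map the HTTP status to the outcomes this page documents.
loggly_status_meaning() {
    case "$1" in
        200) echo ok ;;
        401) echo token-rejected ;;
        *)   echo unexpected ;;
    esac
}

# Run the query, writing events to $1 (default: events.json).
loggly_query() {
    out=${1:-events.json}
    cfg=$(loggly_curl_config "${LOGGLY_SUBDOMAIN:-}" "${LOGGLY_API_TOKEN:-}") || return 2
    code=$(printf '%s\n' "$cfg" |
        curl --silent --show-error --config - --output "$out" \
             --write-out '%{http_code}') || return 3
    case "$(loggly_status_meaning "$code")" in
        ok) echo "events written to $out" ;;
        token-rejected) echo "HTTP 401: token rejected" >&2; return 1 ;;
        *) echo "unexpected HTTP status $code" >&2; return 1 ;;
    esac
}

# Only contact the API when invoked as: sh loggly_query.sh run [outfile]
if [ "${1:-}" = "run" ]; then
    loggly_query "${2:-events.json}"
fi
```

Populate the two variables from a secrets store or a file readable only by your user rather than typing the token on the command line.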

 

Retiring a Token

Retiring a token will cause any API clients configured with this token to cease working until the client configuration is updated with a new token. This action cannot be undone. In order to retire a token, hover over the token and click on the ‘X’ button as shown below:

Confirm this action by clicking on the Retire button:

This token will then move to the “Retired API Tokens” section of the page.
