Introduction

Socket provides a powerful API that allows you to interact with your organization's data programmatically. To authenticate API requests, you need to use API tokens. This guide will show you how to generate and manage these tokens within your organization.

Generating a New API Token

To generate a new API token:

  1. Navigate to Settings: On the Socket dashboard, go to Settings in the left-hand menu.
  2. Access API Tokens: Click on the API Tokens tab within the Settings menu.
  3. Create API Token: Click the + Create API token button in the upper-right corner.
  4. A dialog will appear where you can set the name and choose the scopes for the token.
  5. After selecting the appropriate scopes, click Confirm to generate the token.

API Token Scopes

The following scopes can be selected when creating or editing an API token:

  • report

    • Full control of reports: This allows for the creation, listing, and reading of reports.
    • Permissions:
      • report:list: List reports
      • report:read: Read reports
      • report:write: Create reports
  • repo

    • Full access to organization repositories: This scope provides complete control over the repositories within the organization.
    • Permissions:
      • repo:list: List repositories
      • repo:create: Create repositories
      • repo:update: Update repositories
      • repo:delete: Delete repositories
  • full-scans

    • Full access to full scans: Manage full scans, including listing, creating, and deleting them.
    • Permissions:
      • full-scans:list: List full scans
      • full-scans:create: Create full scans
      • full-scans:delete: Delete full scans
  • packages

    • Full access to package metadata: This scope allows for the listing and management of package metadata.
    • Permissions:
      • packages:list: List package metadata
  • audit-log

    • Full access to audit log: Track and manage audit logs within the organization.
    • Permissions:
      • audit-log:list: List audit log events
  • integration

    • Full access to integrations: Manage all integrations connected to the Socket platform.
    • Permissions:
      • integration:list: List integrations
      • integration:create: Create integrations
      • integration:update: Update integrations
      • integration:delete: Delete integrations
  • threat-feed

    • Full access to threat feed: Access and manage the threat feed within the organization.
    • Permissions:
      • threat-feed:list: List threat feed items

Editing and Managing API Tokens

  1. To edit an API token, navigate to the API Tokens section.
  2. Click on the ellipsis (...) next to the token you want to manage.
  3. You can Edit name, Edit scopes, Edit visibility, Rotate token, or Revoke token as needed.

Best Practices

  • Least Privilege Principle: Assign only the necessary scopes to each token to minimize potential security risks.
  • Regular Rotation: Rotate your tokens on a regular schedule so that a compromised token remains usable only for a limited window.
  • Audit and Review: Periodically review the tokens and their scopes to ensure they align with current organizational needs and security practices.
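The following script is an added example (not part of this page and not Socket's own code) that turns the least-privilege and audit-and-review practices above into a repeatable check. It encodes the scope-to-permission list from the API Token Scopes section, then compares each token's granted scopes against the permissions its workflow actually needs and flags tokens that are over-privileged or overdue for rotation. The token inventory, the `TokenRecord` field names, the `required_permissions` notion and the 90-day rotation interval are all assumptions made for the example; Socket's UI does not expose such an inventory in this form.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta

# Scope -> permissions, transcribed from the scope list on this page.
SCOPE_PERMISSIONS: dict[str, frozenset[str]] = {
    "report": frozenset({"report:list", "report:read", "report:write"}),
    "repo": frozenset({"repo:list", "repo:create", "repo:update", "repo:delete"}),
    "full-scans": frozenset({"full-scans:list", "full-scans:create", "full-scans:delete"}),
    "packages": frozenset({"packages:list"}),
    "audit-log": frozenset({"audit-log:list"}),
    "integration": frozenset({"integration:list", "integration:create",
                              "integration:update", "integration:delete"}),
    "threat-feed": frozenset({"threat-feed:list"}),
}

# Assumed rotation interval for the example; pick the value your policy requires.
MAX_TOKEN_AGE_DAYS = 90


@dataclass
class TokenRecord:
    """One entry of a token inventory (constructed for this example; the field
    names are assumptions, not Socket's data model)."""
    name: str
    scopes: set[str]
    last_rotated: date
    # Permissions the workflow holding this token actually exercises.
    required_permissions: set[str] = field(default_factory=set)


def minimal_scopes(required: set[str]) -> set[str]:
    """Smallest set of scopes whose permissions cover `required`.

    Scopes on this page are all-or-nothing, so a scope is needed exactly when
    at least one of its permissions is required. An unknown permission raises,
    so a typo cannot silently pass the audit.
    """
    needed: set[str] = set()
    for perm in required:
        owners = [s for s, perms in SCOPE_PERMISSIONS.items() if perm in perms]
        if not owners:
            raise ValueError(f"unknown permission: {perm}")
        needed.add(owners[0])
    return needed


def excess_scopes(token: TokenRecord) -> set[str]:
    """Scopes granted to the token that its workflow never needs."""
    return set(token.scopes) - minimal_scopes(token.required_permissions)


def is_rotation_overdue(token: TokenRecord, today: date,
                        max_age_days: int = MAX_TOKEN_AGE_DAYS) -> bool:
    """True when the token is older than the rotation interval."""
    return today - token.last_rotated > timedelta(days=max_age_days)


def audit_tokens(tokens: list[TokenRecord], today: date,
                 max_age_days: int = MAX_TOKEN_AGE_DAYS) -> list[str]:
    """Return one human-readable finding per problem found in the inventory."""
    findings: list[str] = []
    for t in tokens:
        extra = excess_scopes(t)
        if extra:
            findings.append(f"{t.name}: over-privileged, drop scopes {sorted(extra)}")
        if is_rotation_overdue(t, today, max_age_days):
            age = (today - t.last_rotated).days
            findings.append(f"{t.name}: rotation overdue ({age} days old)")
    return findings


# Constructed sample inventory and audit date (not real tokens).
AUDIT_DATE = date(2024, 7, 1)
SAMPLE_TOKENS = [
    TokenRecord("ci-full-scan", {"full-scans", "repo"}, date(2024, 5, 1),
                {"full-scans:create", "full-scans:list", "repo:list"}),
    TokenRecord("siem-audit-export", {"audit-log", "integration"}, date(2024, 1, 10),
                {"audit-log:list"}),
    TokenRecord("dashboard-reports", {"report"}, date(2024, 6, 20),
                {"report:list", "report:read"}),
]

if __name__ == "__main__":
    for line in audit_tokens(SAMPLE_TOKENS, AUDIT_DATE):
        print(line)
```

Running it against the sample inventory reports the SIEM export token twice: it carries the `integration` scope although its workflow only reads audit-log events, and it has not been rotated within the assumed 90-day window. The scope check is coarse by design because the scopes on this page cannot be split below scope level; when a workflow needs only `repo:list`, the whole `repo` scope (including `repo:delete`) comes with it, which is exactly the kind of exposure the periodic review should surface.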