Token Access & Management
SeaLights utilizes tokens for various functionalities, including browser extension, API access, and agent communication.
Token Types
SeaLights employs three types of tokens:
Browser Extension Tokens: Used for browser extension and related functionalities.
API Tokens: Used for SeaLights Public API access.
Agent Tokens: Used for SeaLights agent communication.
Browser Extension Tokens
Purpose: Used for SeaLights browser extension and related functionalities: displaying SeaLights metrics in your SCM's UI and reporting manual tests.
Token Access
Browser extension tokens are user-based.
Browser extension tokens are linked to the user who created them.
These tokens inherit the creator's group access at the time of using the token, granting access to applications within the creator's groups.
Legacy extension tokens have global access (access to all applications).
Token Management
Each user can have only one browser extension token.
The Create New Token button is disabled if a non-legacy token already exists.
Users can view, copy, download, refresh, and delete their own browser extension token.
Legacy tokens are only visible to Admin/DevOps users, and their actions (copy, download, refresh) are disabled.
If the token creator is deactivated or deleted, the extension token is automatically deactivated or deleted.
API Tokens
Purpose: Used for authentication in SeaLights public API.
Token Access
API tokens are group-based.
API tokens are linked to specific user groups, granting access to applications within those groups.
The user groups are linked to the token automatically or by user selection, at the time of creating the token or updating it.
Legacy extension tokens have global access (access to all applications).
New tokens can also have global access.
Token Management
Only Admin/DevOps users can access the API token page.
Tokens with Global Access can be viewed by:
All Admin/DevOps users, in case this is a legacy token.
Admin/DevOps users with permission to manage Users and Permissions, in case this is a non-legacy token with Global Access.
Admin/DevOps users can view only API tokens with access to groups they are authorized to view:
Admin/DevOps users must be assigned to all groups the token has access to, in order to view the token.
Example 1: Token with access to groups A and B, can be viewed by an Admin/DevOps user that is assigned to groups A, B, C.
Example 2: Token with access to groups A and D, cannot be viewed by an Admin/DevOps user that is assigned to groups A, B, C.
Admin/DevOps users with permission to manage Users and Permissions can view all tokens, even if they are not assigned to groups.
Admin/DevOps users can copy, download, and refresh tokens based on their group authorization.
Admin/DevOps users with permission to manage Users and Permissions cannot copy / download / refresh a token unless they are assigned to all the groups the token has access to.
Admin/DevOps users that are able to view a specific token with Global Access can also copy / download / refresh the token.
Admin/DevOps users can disable/enable tokens.
Deletion is only possible after disabling.
Admin/DevOps users can add groups to existing tokens if additional groups are available. There is no option to remove a group that was already added.
Creating a token does not provide access to this token forever. The creator of a token can view a token as long as his/her assigned groups are aligned with the groups the token has access to.
Agent Tokens
Purpose: Used for authentication in SeaLights Agents.
Token Access
API tokens are group-based.
API tokens are linked to specific user groups, granting access to applications within those groups.
The user groups are linked to the token automatically or by user selection, at the time of creating the token or updating it.
Legacy extension tokens have global access (access to all applications).
New tokens can also have global access.
Token Management
Only DevOps users can access the API token page.
Tokens with Global Access can be viewed by:
All DevOps users, in case this is a legacy token.
DevOps users with permission to manage Users and Permissions, in case this is a non-legacy token with Global Access.
DevOps users can view only API tokens with access to groups they are authorized to view:
DevOps users must be assigned to all groups the token has access to, in order to view the token.
Example 1: Token with access to groups A and B, can be viewed by a DevOps user that is assigned to groups A, B, C.
Example 2: Token with access to groups A and D, cannot be viewed by a DevOps user that is assigned to groups A, B, C.
DevOps users with permission to manage Users and Permissions can view all tokens, even if they are not assigned to groups.
DevOps users can copy, download, and refresh tokens based on their group authorization.
DevOps users with permission to manage Users and Permissions cannot copy / download / refresh a token unless they are assigned to all the groups the token has access to.
DevOps users that are able to view a specific token with Global Access can also copy / download / refresh the token.
DevOps users can disable/enable tokens.
Deletion is only possible after disabling.
DevOps users can add groups to existing tokens if additional groups are available. There is no option to remove a group that was already added.
Creating a token does not provide access to this token forever. The creator of a token can view a token as long as his/her assigned groups are aligned with the groups the token has access to.
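The view and copy / download / refresh rules for API tokens and agent tokens above, modelled as an added Python example (not SeaLights code) that can be used to audit which users can export which tokens. The class names, field names and sample users and tokens are assumptions; the agent token page is treated as DevOps-only, as the Agent Tokens section states.

```python
from dataclasses import dataclass

# Roles allowed to open each token page, as read from the text above.
PAGE_ROLES = {"api": {"Admin", "DevOps"}, "agent": {"DevOps"}}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    groups: frozenset = frozenset()
    manage_users: bool = False  # holds "manage Users and Permissions"

@dataclass(frozen=True)
class Token:
    name: str
    kind: str  # "api" or "agent"
    groups: frozenset = frozenset()
    global_access: bool = False
    legacy: bool = False

def can_view(user, token):
    if user.role not in PAGE_ROLES[token.kind]:
        return False
    if token.global_access:
        # Legacy global tokens: every page user. Non-legacy: permission holders only.
        return token.legacy or user.manage_users
    # Group-scoped: user must hold every token group, or the manage permission.
    return user.manage_users or token.groups <= user.groups

def can_export(user, token):
    """Copy / download / refresh: viewable AND (global token OR all groups held)."""
    return can_view(user, token) and (token.global_access or token.groups <= user.groups)

def audit(users, tokens):
    """Map each token name to the sorted names of users who can export it."""
    return {t.name: sorted(u.name for u in users if can_export(u, t)) for t in tokens}

# Constructed sample data; groups A-D follow the page's Example 1 and Example 2.
USERS = [
    User("alice", "Admin", frozenset("ABC")),
    User("bob", "DevOps", frozenset("A"), manage_users=True),
]
TOKENS = [
    Token("t1", "api", frozenset("AB")),
    Token("t2", "api", frozenset("AD")),
    Token("t3", "api", global_access=True),
    Token("t4", "agent", global_access=True, legacy=True),
]
```

Calling audit(USERS, TOKENS) shows that the manage permission widens who can see a group-scoped token but not who can copy it, while a Global Access token is exportable by anyone who can view it.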