# Generating a token SeaLights utilizes tokens for various functionalities, including browser extension, API access, and agent communication. {% hint style="info" %} * There is no Public API to create, update, or delete Tokens. * All Tokens are revocable and rotated by users with relevant permissions at any time, according to the Organization’s policies. {% endhint %} ### **Token Types** SeaLights employs three types of tokens: * **Browser Extension Tokens:** Used for browser extension and related functionalities. * **API Tokens:** Used for SeaLights Public API access. * **Agent Tokens:** Used for SeaLights agent communication. *** ## **Browser Extension Tokens** **Purpose:** Used for [SeaLights browser extension ](https://chromewebstore.google.com/detail/sealights/ldcbjefiplkmggapdfbpeemhihkgdmik?hl=en)and related functionalities: displaying SeaLights metrics in your SCM's UI and reporting manual tests. ### Token Access Browser extension tokens are **user-based**. * Browser extension tokens are linked to the user who created them. * These tokens inherit the creator's group access at the time of **using** the token, granting access to applications within the creator's groups. * Legacy extension tokens have global access (access to all applications). ### Token Management * Each user can have only one browser extension tokens. * The Create New Token button is disabled if a non-legacy token already exists. * Users can view, copy, download, refresh, and delete their own browser extension token. * Legacy token are only visible to Admin/DevOps users, and their actions (copy, download, refresh) are disabled * If the token creator is deactivated or deleted, the extension token is automatically deactivated or deleted.
Token List & Token Creation * Open the SeaLights Settings page, from the Settings button on the top right. \ ![](broken-reference) * Go to **Browser Extension Tokes** on the side menu, under **Integration**. * Press **Create New Token** button, provide a name to your token and save. * Refresh the page and press **Copy Token** button on the newly created token and use it according to the specific SeaLights integration requirements.\ ![](broken-reference)
*** ## **API Tokens** **Purpose:** Used for authentication in SeaLights public API. ### Token Access API tokens are **group-based**. * API tokens are linked to specific user groups, granting access to applications within those groups. * The user groups are linked to the token automatically or by user selection, at the time of **creating** the token or updating it. * Legacy extension tokens have global access (access to all applications). * New tokens can also have global access. ### Token Management * Only Admin/DevOps users can access the API token page. * Tokens with **Global Access** can be viewed by: * All Admin/DevOps users, in case this is a **legacy** token. * Admin/DevOps users with permission for manage Users and Permissions, in case this is a non-legacy token with Global Access. * Admin/DevOps users can view only API tokens with access to groups they are authorized to view: * Admin/DevOps users must be assigned to all groups the token has access to, in order to view the token. * Example 1: Token with access to groups **A** and **B**, **can be viewed** by an Admin/DevOps user that is assigned to groups **A**, **B**, **C**. * Example 2: Token with access to groups **A** and **D**, **cannot be viewed** by an Admin/DevOps user that is assigned to groups **A**, **B**, **C**. * Admin/DevOps users with permission for manage Users and Permissions can view all tokens, even if they are not assigned to groups. * Admin/DevOps users can copy, download, and refresh tokens based on their group authorization. * Admin/DevOps users with permission for manage Users and Permissions **will not be able** to copy / download / refresh, if not assigned to all the groups a token has access to. * Admin/DevOps users that are able to view a specific token with Global Access can also copy / download / refresh the token. * Admin/DevOps users can disable/enable tokens. * Deletion is only possible after disabling. * Admin/DevOps users can add groups to existing tokens if additional groups are available. There is no option to remove a group that was already added. {% hint style="warning" %} Creating a token does not provide access to this token forever. The creator of a token can view a token as long as his/her assigned groups are aligned with the groups the token has access to. {% endhint %}
Token List & Token Creation * Open the SeaLights Settings page, from the Settings button on the top right. |\ ![](broken-reference) * Go to **API Token** on the side menu, under **Integration**. Cockpit & Onboarding * Press **Create New Token** button, provide a name to your token and save, and select access level, if required. * Press **Copy Token** button and use it according to the specific SeaLights integration requirements. * Alternatively press **Download Token** button and use the *sltoken.txt* file downloaded according to your integration requirements.
*** ## **Agent Tokens** **Purpose:** Used for authentication by SeaLights Agents. ### Token Access Agent tokens are **group-based**. * Agent tokens are linked to specific user groups, granting access to applications within those groups. * The user groups are linked to the token automatically or by user selection, at the time of **creating** the token or updating it. * Legacy extension tokens have global access (access to all applications). * New tokens can also have global access. ### Token Management * Only DevOps users can access the Agent token page. * Tokens with **Global Access** can be viewed by: * All DevOps users, in case this is a **legacy** token. * DevOps users with permission for manage Users and Permissions, in case this is a non-legacy token with Global Access. * DevOps users can view only Agent tokens with access to groups they are authorized to view: * DevOps users must be assigned to all groups the token has access to, in order to view the token. * Example 1: Token with access to groups **A** and **B**, **can be viewed** by a DevOps user that is assigned to groups **A**, **B**, **C**. * Example 2: Token with access to groups **A** and **D**, **cannot be viewed** by a DevOps user that is assigned to groups **A**, **B**, **C**. * DevOps users with permission for manage Users and Permissions can view all tokens, even if they are not assigned to groups. * DevOps users can copy, download, and refresh tokens based on their group authorization. * DevOps users with permission for manage Users and Permissions **will not be able** to copy / download / refresh, if not assigned to all the groups a token has access to. * DevOps users that are able to view a specific token with Global Access can also copy / download / refresh the token. * DevOps users can disable/enable tokens. * Deletion is only possible after disabling. * DevOps users can add groups to existing tokens if additional groups are available. There is no option to remove a group that was already added. {% hint style="warning" %} Creating a token does not provide access to this token forever. The creator of a token can view a token as long as his/her assigned groups are aligned with the groups the token has access to. {% endhint %}
Token List & Token Creation * Open the SeaLights Settings page from the Settings button on the top right.\ ![](broken-reference) * Go to **Agent Token** entry on the side menu, under **Cockpit & Onboarding**. * Press the **Create New Token** button, provide a name to your token and save, and select access level, if required. * Press the **Copy Token** button and use it according to the specific SeaLights integration requirements. * Alternatively, press the **Download Token** button and use the *sltoken.txt* file downloaded according to your integration requirements.