How to Add an API Token

About this task

Randori's REST API uses bearer tokens for authentication, so you need to create a token before you can use the API.

Here's a walkthrough on how to do that:

Procedure

  1. Log in to the Randori Dashboard. You need Admin permissions on your account to create a token.
  2. Select Settings (the gear icon) on the leftmost navigation bar.
  3. Click API.
  4. Scroll down the page and select Create API Token.
  5. Add a meaningful token name in the API Token Label field.
  6. Select the appropriate permissions (they map to the same permissions as in Managing Users and Permissions).
    • Observe: grants READ ONLY access to public reconnaissance data.

    • Recon: grants READ and WRITE access to public reconnaissance data, allowing the token to update Status, Impact, Tags, and Comments, and to add Affiliations.

    • Attack: grants READ and WRITE access to INTERNAL reconnaissance data and attack activity, allowing for Authorization of Targets into scope.

  7. Click Create.
  8. A popup with your API token will appear. Copy it and store it somewhere safe, because there is no way to access that secret again.
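
One way to handle the token from step 8 on a client machine, shown as an added example that is not Randori's own code: it reads the token from a file that only the owner can access, sends it as a standard `Authorization: Bearer` header, and logs only a redacted form. The base URL, endpoint path and sample token are constructed placeholders, since this page does not give the API host or any endpoint.

```python
import os
import stat
import tempfile
import urllib.request

# Assumption: placeholder base URL; this page does not give the API host or endpoints.
API_BASE = "https://randori.example.invalid"


def load_token(path):
    """Read the token from a file, refusing files accessible to group or others."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/others; run chmod 600")
    with open(path, encoding="ascii") as fh:
        token = fh.read().strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("token file is empty or contains whitespace")
    return token


def build_request(token, path):
    """Build (not send) a request carrying the token as an RFC 6750 bearer credential."""
    req = urllib.request.Request(API_BASE + path)
    req.add_header("Authorization", f"Bearer {token}")
    return req


def redact(token):
    """Form that is safe to write to logs: last four characters only."""
    return "****" + token[-4:]


def demo():
    # Constructed sample token, not a real credential.
    sample = "constructed-sample-token-0000abcd"
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(sample + "\n")
        token = load_token(path)
        req = build_request(token, "/placeholder/endpoint")  # hypothetical path
        return req.get_header("Authorization"), redact(token)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Keeping the token in a mode-0600 file (or a secrets manager) rather than in source code or shell history matters here because a lost or leaked token cannot be re-displayed and has to be replaced with a new one.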