Creating an authorized service token

Before you start consuming the data over the Universal REST API endpoint, you must create an authorized service token. The token is used in the header of a request for the endpoint, and also during app configuration.

About this task

IBM® QRadar® on Cloud administrators can learn how to add and manage authorized service token by reading Authorized service tokens. If you're a QRadar on Cloud customer, contact Customer Support to create an authorized service token for you.


  1. On the QRadar Console, click Admin > Authorized Services.
  2. On the Authorized Service Management page, click Add.
  3. Add the relevant information in the following fields:
    1. In the Authorized Service Label field, type a name for this authorized service. The name can be up to 255 characters in length.
    2. From the Security Profile list, select the security profile that you want to assign to this authorized service. The security profile determines the networks and log sources that this service can access on the QRadar Console.
    3. From the User Role list, select the Admin user role.
    4. In the Expiry Settings section, type or select a date that you want this service to expire. If an expiry date is not necessary, switch the expiry toggle to Off.
    5. Click Save.

      The confirmation message contains a token that you need when you add an alert data source in your IBM Security QRadar Suite SaaS product. Copy the authorized service token to a text editor for secure storage. The token cannot be made visible after you close the dialog. You use the token in step 4b of Ingesting QRadar offense alerts by creating an ingestion data source.

    6. Close the Authorized Service Management page.
  4. On the Admin tab, click Deploy Changes.

What to do next

Assigning user permissions for QRadar Offenses Forwarder