Managing Personal Access Tokens

Access tokens provide a secure method for users and applications to access protected resources without exposing credentials. These tokens represent the authorization granted to a client, enabling secure interactions with resources on behalf of a user or service.


About Personal Access Tokens

SBOM Observer Personal Access Tokens (PATs) provide an alternative to using traditional login credentials for authentication when interacting with the SBOM Observer API.

PATs allow secure access to SBOM Observer resources on your behalf.

For more information, please refer to our documentation on

Different types of Access Tokens in SBOM Observer

SBOM Observer’s access management allows for detailed control, and future updates will expand customizable roles and token permissions.

Handle and share tokens with extreme care, ensuring secure storage and sharing only with trusted entities.

Access Token Lifetime

When you create a new Personal Access Token (PAT) in SBOM Observer, it is important to note that the token will remain valid for a duration of 1 year from the date of creation. After this period, the token will expire, necessitating the generation of a new token for continued access and authentication.

Manage your tokens proactively, renewing them as needed to maintain uninterrupted operations within SBOM Observer. You can view the expiration dates of all generated tokens in the access tokens list, which helps you keep track of their validity periods.
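
An added example (not part of SBOM Observer or its documentation): a small Python check that flags tokens nearing the 1-year expiry described above, grouped by namespace. It assumes a locally kept inventory of token names, namespaces and creation dates, a 30-day renewal window, and that "1 year" means the same calendar date in the following year; it does not call the SBOM Observer API.

```python
from dataclasses import dataclass
from datetime import date, timedelta

RENEW_WINDOW = timedelta(days=30)  # assumption: local policy, not an SBOM Observer setting


@dataclass(frozen=True)
class TokenRecord:
    name: str        # the name entered when the token was created
    namespace: str   # a PAT is valid for one namespace only
    created: date    # creation date, as recorded by the token owner


def expires_on(created: date) -> date:
    """Expiry one year after creation (assumed: same calendar date next year)."""
    try:
        return created.replace(year=created.year + 1)
    except ValueError:
        # Created on 29 February: the following year has no such date.
        return created.replace(year=created.year + 1, day=28)


def classify(token: TokenRecord, today: date) -> str:
    """Return 'expired', 'renew' (inside the renewal window) or 'ok'."""
    expiry = expires_on(token.created)
    if today >= expiry:  # assumption: the token is unusable on its expiry date
        return "expired"
    if expiry - today <= RENEW_WINDOW:
        return "renew"
    return "ok"


def report(tokens, today):
    """Map each namespace to its tokens that need action, soonest expiry first."""
    needs_action = {}
    for tok in sorted(tokens, key=lambda t: expires_on(t.created)):
        status = classify(tok, today)
        if status != "ok":
            needs_action.setdefault(tok.namespace, []).append((tok.name, status))
    return needs_action


# Constructed sample inventory; names and namespaces are made up.
SAMPLE = [
    TokenRecord("ci-upload", "prod", date(2024, 2, 29)),
    TokenRecord("nightly-scan", "prod", date(2024, 3, 20)),
    TokenRecord("dev-laptop", "sandbox", date(2024, 9, 1)),
]

if __name__ == "__main__":
    for ns, items in report(SAMPLE, date(2025, 3, 1)).items():
        print(ns, items)
```

The inventory holds only names and dates, never token values, so it can sit in a repository or ticket without exposing a credential.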

Scope and Namespace

When creating a Personal Access Token (PAT) in SBOM Observer, it is essential to understand that the token’s validity is tied to a specific namespace, rather than the entire organization. This means the access and permissions granted by the PAT are limited to the resources and actions available within that particular namespace.

Future updates of SBOM Observer will add support for multiple namespaces in an organization. This focused scoping helps maintain a more secure and organized access structure within SBOM Observer.


Creating Personal Access Tokens (PATs)

Below is a step-by-step guide on how to create an access token:

Step 1: Navigate to Access Tokens

  • Start by logging into the application or platform.
  • Locate and click on your Profile, found at the bottom left corner of the screen.
  • In your profile menu, find and click on the Access Tokens option. This will take you to the section of the platform where you can manage your access tokens.

Step 2: Create a New Access Token

  • Look for a button or option labeled Create Access Token and click on it.
  • Next, you'll be prompted to enter a name for the new access token. This helps in identifying and managing tokens later on.
  • After providing the necessary information, confirm or click on the Create token button to generate the new access token.

Step 3: Copy and Secure Your Access Token

  • Once the access token is created, it will be displayed on the screen.

    Make sure to copy and securely store the access token immediately, as it will only be shown once for security reasons.

  • Treat the access token like a password. Keep it confidential and only share it with authorized individuals or systems.

  • Once you close the dialogue displaying your newly created token, you'll see that the token has been added to the list of Personal Access Tokens.

Revoking Personal Access Tokens (PATs)

If you need to revoke access for a Personal Access Token (PAT) in SBOM Observer, please follow the steps below. Keep in mind that revoking a PAT is irreversible, and any systems or users relying on that token will immediately lose authentication access.

  1. Identify the Token: Locate the list of active Personal Access Tokens and find the token you wish to revoke. Select it by clicking the checkbox next to the token's details.

  2. Revoke the token: With the token selected, click on the Revoke Token button. This action might prompt a confirmation dialog to ensure that you want to proceed with revoking the selected PAT.

  3. Confirm Revocation: When prompted, confirm that you want to revoke the selected PAT permanently. Be certain before confirming, as this action cannot be undone.
    Once confirmed, the PAT will be immediately revoked. The system or user that was utilizing this token will no longer be able to authenticate with SBOM Observer using that PAT.

Revoking tokens cannot be undone

Revoking a Personal Access Token is a permanent action. Once a token is revoked, it cannot be recovered, and any system or user relying on that token for authentication will lose access immediately. Ensure that you have alternative authentication methods in place if needed before revoking a PAT.