Personal Access Tokens

Personal Access Tokens (PATs) allow you to authenticate to the SenseOn Customer Accessible API (CAA) programmatically, without using your account password. Tokens are scoped, expiring, and fully audited.

Common uses include scripting integrations, automating case exports, and feeding SenseOn data into external SIEM or SOAR platforms.

💡 Relationship to SenseOn Connect: PATs use the same underlying token mechanism as the SenseOn Connect API. See SenseOn Connect for a full description of the available API endpoints.


Creating a Token

  1. Navigate to Settings > Integrations > API Configuration.
  2. Click Create Token.
  3. Enter a name that describes the token's purpose (for example, SIEM export or nightly-case-sync).
  4. Set an expiry date. Tokens cannot be created without an expiry.
  5. Select the scopes the token requires (see below).
  6. Click Create.

The token value is displayed once. Copy it immediately — it cannot be retrieved again. If lost, revoke the token and create a new one.


Available Scopes

Scopes control which parts of the API the token can access. Grant only the scopes your integration requires.

Scope                 Access granted
cases:read            Read case details, observations linked to cases, and AI case summaries
cases:write           Update case status and add comments
devices:read          Read device and identity records
observations:read     Read security observations
telemetry:read        Read raw telemetry data
observations:write    Create observations (requires prior approval from SenseOn — contact support)

Listing Your Tokens

To view all tokens you have created:

  1. Go to Settings > Integrations > API Configuration.
  2. Your tokens are listed with their name, creation date, expiry date, scopes, and last-used timestamp.

Expired tokens are shown with an Expired badge and can no longer be used for authentication.


Revoking a Token

To revoke a token immediately:

  1. Go to Settings > Integrations > API Configuration.
  2. Find the token you want to revoke.
  3. Click the three-dot menu next to it.
  4. Select Revoke.

Revoked tokens are listed with a Revoked status. They cannot be restored — create a new token if access is still required.


Admin: Viewing All Tokens

Admins can view tokens created by all users in the organisation:

  1. Go to Settings > Integrations > API Configuration.
  2. Toggle the Show all users' tokens switch at the top of the table.

This view shows the token name, owning user, scopes, expiry, and last-used date for every token in the organisation. Admins can also revoke tokens created by other users.


Token Audit Events

All token lifecycle events are recorded in the audit log:

Event                 Description
caa__pat_created      A new token was created
caa__pat_deleted      A token was revoked

See Audit Log for information on how to access and filter audit events.


Security Best Practices

  • Use the minimum scopes required — do not create tokens with broad access if your integration only needs to read cases.
  • Set short expiry dates — rotate tokens regularly, especially for automated pipelines.
  • Revoke tokens when no longer needed — for example when an integration is decommissioned or a team member with access to the token leaves.
  • Store tokens securely — treat a PAT like a password. Do not commit tokens to source control or share them in plaintext.
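
The first three practices can be checked periodically against the admin token view. The script below is an added example, not SenseOn code: it assumes the fields shown in that view (name, owning user, scopes, expiry, last-used) have been transcribed by hand into Python records. The record layout, the revoked flag and the 90-day and 30-day thresholds are assumptions chosen for illustration.

```python
from datetime import date

# Scope names come from the scope table on this page. The thresholds are
# assumed local policy values, not SenseOn defaults.
WRITE_SCOPES = {"cases:write", "observations:write"}
MAX_DAYS_TO_EXPIRY = 90
STALE_AFTER_DAYS = 30

def review_token(tok, today):
    """Return hygiene findings for one token record (assumed dict layout)."""
    days_left = (date.fromisoformat(tok["expiry"]) - today).days
    if tok["revoked"] or days_left < 0:
        return []  # revoked or expired tokens can no longer authenticate
    findings = []
    writes = sorted(WRITE_SCOPES & set(tok["scopes"]))
    if writes:
        findings.append("write scope: " + ", ".join(writes))
    if days_left > MAX_DAYS_TO_EXPIRY:
        findings.append(f"expires in {days_left} days (limit {MAX_DAYS_TO_EXPIRY})")
    if tok["last_used"] is None:
        findings.append("never used")
    else:
        idle = (today - date.fromisoformat(tok["last_used"])).days
        if idle > STALE_AFTER_DAYS:
            findings.append(f"unused for {idle} days")
    return findings

def review_inventory(tokens, today):
    """Map 'name (owner)' to findings, omitting tokens with nothing to report."""
    reviewed = ((f"{t['name']} ({t['owner']})", review_token(t, today)) for t in tokens)
    return {label: findings for label, findings in reviewed if findings}

# Constructed sample records, not real tokens or users.
TODAY = date(2025, 1, 15)
SAMPLE = [
    {"name": "SIEM export", "owner": "alice", "revoked": False, "expiry": "2025-03-01",
     "last_used": "2025-01-14", "scopes": ["cases:read", "observations:read"]},
    {"name": "nightly-case-sync", "owner": "bob", "revoked": False, "expiry": "2026-01-15",
     "last_used": "2024-11-01", "scopes": ["cases:read", "cases:write"]},
    {"name": "old-poc", "owner": "carol", "revoked": False, "expiry": "2025-02-01",
     "last_used": None, "scopes": ["telemetry:read"]},
    {"name": "decommissioned", "owner": "dave", "revoked": True, "expiry": "2025-06-01",
     "last_used": "2024-06-01", "scopes": ["cases:write"]},
]

if __name__ == "__main__":
    for name, findings in review_inventory(SAMPLE, TODAY).items():
        print(f"{name}: {'; '.join(findings)}")
```

A write scope is reported for review rather than treated as a fault, since some integrations legitimately need cases:write.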