# API Tokens

## Overview

Use these API operations to interact with [API tokens](https://docs.panther.com/panther-developer-workflows/api/..#how-to-create-a-panther-api-token) in Panther. An API token can rotate itself by calling `POST /api-tokens/self/rotate`.

To call the API, see the [How to use the Panther REST API](https://docs.panther.com/panther-developer-workflows/api/rest/..#how-to-use-the-panther-rest-api) instructions—including [directions for how to invoke it directly from this documentation page](https://docs.panther.com/panther-developer-workflows/api/rest/..#step-3-invoke-the-panther-rest-api).

## Required permissions

* For `GET` operations, your API token must have the `Read API Token Info` permission.
* For `POST` and `DELETE` operations, your API token must have the `Manage API Tokens` permission.

See [Permission names in the Console and API](https://docs.panther.com/system-configuration/rbac#permission-names-in-the-console-and-api) for additional information.

## Operations

## POST /api-tokens

> Create an api token

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"api token","description":"The api token api handles all operations for api tokens"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"APITokenAPI.ModifyAPIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed"},"name":{"type":"string","description":"The name of the token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}}},"required":["name","permissions"]},"APITokenAPI.APIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. 
If empty, all CIDR blocks are allowed"},"createdAt":{"type":"string","description":"Time when the API token was created"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the token"},"expiresAt":{"type":"string","description":"Time when the API token will expire. Will be null if the token is non-expiring"},"id":{"type":"string","description":"The unique identifier of the token"},"lastUsedAt":{"type":"string","description":"The last time this token was used to authenticate"},"name":{"type":"string","description":"The name of the token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"rotatedAt":{"type":"string","description":"Time when the API token was rotated"},"updatedAt":{"type":"string","description":"Time when the API token was updated"},"updatedBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who updated the token"},"value":{"type":"string","description":"The API token value, only populated during create and rotate 
actions"}},"required":["name","permissions","id","createdAt"]},"APITokenAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/api-tokens":{"post":{"tags":["api token"],"summary":"Create an api token","operationId":"api token#create","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.ModifyAPIToken"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.APIToken"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.BadRequestError"}}}}}}}}}
```

## GET /api-tokens/{id}

> Get an api token

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"api token","description":"The api token api handles all operations for api tokens"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"APITokenAPI.APIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed"},"createdAt":{"type":"string","description":"Time when the API token was created"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the token"},"expiresAt":{"type":"string","description":"Time when the API token will expire. Will be null if the token is non-expiring"},"id":{"type":"string","description":"The unique identifier of the token"},"lastUsedAt":{"type":"string","description":"The last time this token was used to authenticate"},"name":{"type":"string","description":"The name of the 
token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"rotatedAt":{"type":"string","description":"Time when the API token was rotated"},"updatedAt":{"type":"string","description":"Time when the API token was updated"},"updatedBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who updated the token"},"value":{"type":"string","description":"The API token value, only populated during create and rotate actions"}},"required":["name","permissions","id","createdAt"]},"APITokenAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"APITokenAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/api-tokens/{id}":{"get":{"tags":["api token"],"summary":"Get an api token","operationId":"api token#get","parameters":[{"name":"id","in":"path","description":"ID of the api token. Note: if self is provided, the current api token will be returned","required":true,"schema":{"type":"string","description":"ID of the api token. 
Note: if self is provided, the current api token will be returned"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.APIToken"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.NotFoundError"}}}}}}}}}
```

## POST /api-tokens/{id}

> Update an api token

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"api token","description":"The api token api handles all operations for api tokens"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"APITokenAPI.ModifyAPIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed"},"name":{"type":"string","description":"The name of the token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}}},"required":["name","permissions"]},"APITokenAPI.APIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. 
If empty, all CIDR blocks are allowed"},"createdAt":{"type":"string","description":"Time when the API token was created"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the token"},"expiresAt":{"type":"string","description":"Time when the API token will expire. Will be null if the token is non-expiring"},"id":{"type":"string","description":"The unique identifier of the token"},"lastUsedAt":{"type":"string","description":"The last time this token was used to authenticate"},"name":{"type":"string","description":"The name of the token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"rotatedAt":{"type":"string","description":"Time when the API token was rotated"},"updatedAt":{"type":"string","description":"Time when the API token was updated"},"updatedBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who updated the token"},"value":{"type":"string","description":"The API token value, only populated during create and rotate 
actions"}},"required":["name","permissions","id","createdAt"]},"APITokenAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"APITokenAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/api-tokens/{id}":{"post":{"tags":["api token"],"summary":"Update an api token","operationId":"api token#update","parameters":[{"name":"id","in":"path","description":"ID of the api token. Note: if self is provided, the current api token will be updated","required":true,"schema":{"type":"string","description":"ID of the api token. Note: if self is provided, the current api token will be updated"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.ModifyAPIToken"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.APIToken"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.NotFoundError"}}}}}}}}}
```

## DELETE /api-tokens/{id}

> delete api token

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"api token","description":"The api token api handles all operations for api tokens"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"APITokenAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"APITokenAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/api-tokens/{id}":{"delete":{"tags":["api token"],"summary":"delete api token","operationId":"api token#delete","parameters":[{"name":"id","in":"path","description":"ID of the api token to delete. Note: if self is provided, the current api token will be deleted","required":true,"schema":{"type":"string","description":"ID of the api token to delete. Note: if self is provided, the current api token will be deleted"}}],"responses":{"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.NotFoundError"}}}}}}}}}
```

## GET /api-tokens

> List api tokens

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"api token","description":"The api token api handles all operations for api tokens"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"APITokenAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"Pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/APITokenAPI.APIToken"}}},"required":["results"]},"APITokenAPI.APIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed"},"createdAt":{"type":"string","description":"Time when the API token was created"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the token"},"expiresAt":{"type":"string","description":"Time when the API token will expire. 
Will be null if the token is non-expiring"},"id":{"type":"string","description":"The unique identifier of the token"},"lastUsedAt":{"type":"string","description":"The last time this token was used to authenticate"},"name":{"type":"string","description":"The name of the token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"rotatedAt":{"type":"string","description":"Time when the API token was rotated"},"updatedAt":{"type":"string","description":"Time when the API token was updated"},"updatedBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who updated the token"},"value":{"type":"string","description":"The API token value, only populated during create and rotate actions"}},"required":["name","permissions","id","createdAt"]}}},"paths":{"/api-tokens":{"get":{"tags":["api token"],"summary":"List api tokens","operationId":"api token#list","responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.ListResp"}}}}}}}}}
```
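
An audit pass over this endpoint's response, as an added example (not Panther's code): it flags tokens in an `APITokenAPI.ListResp` that have no CIDR restriction, never expire, hold token- or user-management permissions, or carry an old or unused secret. The finding codes, the 90-day threshold, the `HIGH_RISK` set and the RFC 3339 timestamp format are assumptions of this example, and the sample response is constructed.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Permissions (from the enum on this page) that can mint tokens or change users.
# Treating exactly these two as high risk is this example's assumption.
HIGH_RISK = {"OrganizationAPITokenModify", "UserModify"}


def parse_ts(value):
    """Parse a timestamp; the schema says only 'string', RFC 3339 is assumed."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_token(token, now, max_age=timedelta(days=90)):
    """Return sorted finding codes for one APITokenAPI.APIToken object."""
    findings = set()
    blocks = token.get("allowedCIDRBlocks") or []
    if not blocks:
        # Per the schema: "If empty, all CIDR blocks are allowed".
        findings.add("no-cidr-restriction")
    for block in blocks:
        try:
            if ipaddress.ip_network(block, strict=False).prefixlen == 0:
                findings.add("cidr-allows-any")  # 0.0.0.0/0 or ::/0
        except ValueError:
            findings.add("invalid-cidr")
    if token.get("expiresAt") is None:  # null means non-expiring
        findings.add("non-expiring")
    for perm in HIGH_RISK.intersection(token.get("permissions", [])):
        findings.add("high-risk-permission:" + perm)
    # The secret is as old as the last rotation, or creation if never rotated.
    secret_born = parse_ts(token.get("rotatedAt")) or parse_ts(token["createdAt"])
    if now - secret_born > max_age:
        findings.add("stale-secret")
    last_used = parse_ts(token.get("lastUsedAt"))
    if last_used is None or now - last_used > max_age:
        findings.add("unused")
    return sorted(findings)


def audit_tokens(list_resp, now):
    """Map token id -> findings for one page; a "next" value means more pages."""
    report = {}
    for token in list_resp["results"]:
        findings = audit_token(token, now)
        if findings:
            report[token["id"]] = findings
    return report


# Constructed sample response (not real data).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = {"results": [
    {"id": "tok-ci", "name": "ci-readonly", "permissions": ["RuleRead", "AlertRead"],
     "allowedCIDRBlocks": ["203.0.113.0/24"], "createdAt": "2025-05-01T00:00:00Z",
     "expiresAt": "2025-08-01T00:00:00Z", "lastUsedAt": "2025-05-30T12:00:00Z"},
    {"id": "tok-admin", "name": "bootstrap", "allowedCIDRBlocks": [],
     "permissions": ["OrganizationAPITokenModify", "RuleModify"], "expiresAt": None,
     "createdAt": "2024-01-15T00:00:00Z", "lastUsedAt": "2025-05-31T00:00:00Z"},
    {"id": "tok-legacy", "name": "old-export", "permissions": ["AlertRead"],
     "allowedCIDRBlocks": ["0.0.0.0/0"], "createdAt": "2023-03-01T00:00:00Z",
     "rotatedAt": "2025-04-20T00:00:00Z", "expiresAt": "2026-01-01T00:00:00Z"},
]}

if __name__ == "__main__":
    for token_id, findings in audit_tokens(SAMPLE, NOW).items():
        print(token_id, findings)
```

Running the audit itself only needs a token with `Read API Token Info`; the `value` field is not populated on list responses, so the report never handles secrets.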

## POST /api-tokens/{id}/rotate

> Rotate an api token. If self is provided the current token will be rotated

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"api token","description":"The api token api handles all operations for api tokens"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"APITokenAPI.APIToken":{"type":"object","properties":{"allowedCIDRBlocks":{"type":"array","items":{"type":"string"},"description":"The set of CIDR blocks that are allowed to use this API token. If empty, all CIDR blocks are allowed"},"createdAt":{"type":"string","description":"Time when the API token was created"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the token"},"expiresAt":{"type":"string","description":"Time when the API token will expire. Will be null if the token is non-expiring"},"id":{"type":"string","description":"The unique identifier of the token"},"lastUsedAt":{"type":"string","description":"The last time this token was used to authenticate"},"name":{"type":"string","description":"The name of the 
token"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"rotatedAt":{"type":"string","description":"Time when the API token was rotated"},"updatedAt":{"type":"string","description":"Time when the API token was updated"},"updatedBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who updated the token"},"value":{"type":"string","description":"The API token value, only populated during create and rotate actions"}},"required":["name","permissions","id","createdAt"]},"APITokenAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"APITokenAPI.ForbiddenErr":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"APITokenAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/api-tokens/{id}/rotate":{"post":{"tags":["api token"],"summary":"Rotate an api token. If self is provided the current token will be rotated","operationId":"api token#rotate","parameters":[{"name":"id","in":"path","description":"ID of the api token to rotate. Note: if self is provided, the current api token will be rotated","required":true,"schema":{"type":"string","description":"ID of the api token to rotate. 
Note: if self is provided, the current api token will be rotated"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.APIToken"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.BadRequestError"}}}},"403":{"description":"forbidden: Forbidden response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.ForbiddenErr"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/APITokenAPI.NotFoundError"}}}}}}}}}
```
