API Tokens and Keys
Authenticate programmatic access to the Parascope API using personal tokens and service keys.
API tokens let you authenticate programmatic access to the Parascope API — for scripts, CI/CD pipelines, monitoring integrations, or any automation that needs to query or update your CMDB data.
Token Types
Parascope has two categories of API authentication:
| Category | Prefix | Created By | Lifetime |
|---|---|---|---|
| Personal tokens | ps_usr_ | Individual users via the UI | Until revoked |
| Service keys | ps_svc_ | System-provisioned by Parascope | Until rotated |
| Admin keys | ps_adm_ | Administrators | Until revoked |
| Read-only keys | ps_ro_ | Administrators | Until revoked |
Personal Tokens
Created by individual users, inheriting that user's permissions and data scopes. If the user is deactivated, all their tokens are immediately revoked.
Service Keys
Pre-provisioned keys used by automated integrations and service-to-service communication. These don't expire and aren't tied to a user account.
Creating a Personal Token
- Navigate to Settings then API Tokens
- Click Create Token
- Enter a name for the token (e.g., "Monitoring Script", "CI/CD Pipeline")
- Click Create
- Copy the token immediately — it will not be shown again
The token inherits your current permissions and data scopes. If your permissions change, the token's effective access changes too.
Using Tokens
Include the token in the X-API-Key header of your API requests:
curl -H "X-API-Key: ps_usr_your_token_here" \
https://your-company.parascope.io/api/v1/configuration-itemsOr for scripts:
# Store token in environment variable
export PARASCOPE_API_KEY="ps_usr_your_token_here"
# Use in requests
curl -H "X-API-Key: $PARASCOPE_API_KEY" \
https://your-company.parascope.io/api/v1/configuration-items?filter=ci_type:eq:kubernetes.podAlways use single quotes around the key value in shell commands to avoid special character interpretation.
Managing Tokens
Viewing Your Tokens
The token list at Settings then API Tokens shows:
- Token name
- Token prefix (first few characters for identification)
- Created date
- Last used date
The full token value is never displayed after creation.
Revoking a Token
- Find the token in the list
- Click Revoke
- Confirm the revocation
Revoked tokens are immediately invalidated — any requests using them will receive a 401 Unauthorized response.
Security Best Practices
- Name tokens descriptively — so you know which script or system uses each one
- One token per use case — don't share tokens across different scripts or systems
- Revoke unused tokens — regularly review and revoke tokens that are no longer needed
- Never commit tokens — don't store tokens in source code or config files checked into version control
- Use environment variables — store tokens in environment variables or secret management tools
- Use minimal permissions — if a script only reads data, ensure the token's user has read-only access
Related Documentation
- API Reference — Full API endpoint documentation
- Authentication — Authentication overview
- RBAC Administration — Managing permissions that tokens inherit