Project Access Tokens
Managing Project Access Tokens
What is an Access Token?
Access tokens are essential for enabling various data interactions within your Rollbar projects. Each project has its own unique set of access tokens, making them indispensable for routing data through different SDKs.
Scopes
You can find and administer your project access tokens in Project -> Settings -> Project Access Tokens. Project access tokens can have any or all of the following scopes:
Scope | Description |
---|---|
post_server_item | Can perform all POST requests to /deploy/ and /item/ . Can also be used to upload source maps (JS, proguard, dSym, flutter) |
post_client_item | Can perform POST requests to /item/ , but only if the item has a client-side platform (browser, mobile). |
read | Can perform all GET requests |
write | Can perform PATCH and DELETE requests. |
New projects are created with four tokens, one with each scope. As client tokens often need to be embedded in publicly visible code (e.g. the HTML source of a page), a good practice is to use a separate client-side token with post_client_item scope, which only permits event sending from client-side platforms.
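One way to check this practice before a release, as an added example that is not Rollbar's own code: scan the files served to browsers for token-shaped strings and flag any whose scope goes beyond post_client_item, or whose status makes it inoperable. The 32-character hex token pattern, the inventory, and the bundle contents are constructed assumptions.

```python
import re

# Assumption: a token appears in source as a 32-character lowercase hex string.
TOKEN_RE = re.compile(r"\b[0-9a-f]{32}\b")
# What each non-client scope permits, per the scope table above.
EXPOSES = {
    "post_server_item": "POST to /deploy/ and /item/, source map upload",
    "read": "all GET requests",
    "write": "PATCH and DELETE requests",
}
OPERABLE = {"Active", "Expiring Soon"}  # statuses the page describes as operational

# Constructed inventory, as it could be transcribed from the Project Access Tokens page.
INVENTORY = {
    "1" * 32: {"title": "browser", "scopes": {"post_client_item"}, "status": "Active"},
    "2" * 32: {"title": "backend", "scopes": {"post_server_item"}, "status": "Active"},
    "3" * 32: {"title": "dashboard", "scopes": {"post_client_item", "read"}, "status": "Active"},
    "4" * 32: {"title": "old-browser", "scopes": {"post_client_item"}, "status": "Disabled"},
}
# Constructed build output that would be served to browsers.
BUNDLE = {
    "index.html": '<script>var _rollbarConfig = {accessToken: "%s"};</script>' % ("1" * 32),
    "admin.js": 'const token = "%s";' % ("3" * 32),
    "deploy-hook.js": 'notify("%s");' % ("2" * 32),
    "legacy.html": '<script>var cfg = {accessToken: "%s"};</script>' % ("4" * 32),
    "vendor.js": 'var buildId = "abcdefabcdefabcdefabcdefabcdef12";',
}

def audit(bundle, inventory):
    """Return sorted (file, token title, problem) findings for tokens in client files."""
    findings = []
    for path, text in bundle.items():
        for token in sorted(set(TOKEN_RE.findall(text))):
            entry = inventory.get(token)
            if entry is None:
                findings.append((path, "?", "token-shaped value not in this project's inventory"))
                continue
            for scope in sorted(entry["scopes"] - {"post_client_item"}):
                findings.append((path, entry["title"], f"{scope} exposed: {EXPOSES[scope]}"))
            if entry["status"] not in OPERABLE:
                findings.append((path, entry["title"], f"status {entry['status']}: token is inoperable"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(BUNDLE, INVENTORY):
        print(" | ".join(finding))
```

Findings never include the token value itself, so the audit output can be shared in a ticket or CI log without spreading the secret further.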
Editing and Configuring Tokens
Managing individual tokens is straightforward, and now we've added the ability to edit multiple tokens in bulk for convenience. You'll find various actions that can be performed for each token and options for bulk editing.
Individual Token Actions
Here's a brief rundown of the actions you can perform on each token:
Action | Description |
---|---|
Edit | Allows you to update the token's configurations, such as title, scope, and rate limits. |
Regenerate | Generates a new token while keeping the same configurations. The new token will inherit the ‘Active’ status. |
Disable | Temporarily deactivates the token. The token's status will change to 'Disabled.' |
Expire | Manually sets the token to an 'Expired' status. The token becomes inoperable but is kept for historical reference. |
Delete | Permanently removes the token from the Rollbar platform. |
Bulk Editing
Bulk editing is a useful feature for managing multiple tokens at once. Select the checkboxes next to the tokens you want to edit to utilize this function. Once selected, an action menu will appear in the table's header, displaying available actions. It's worth noting that the collective status of the tokens selected will determine the options presented. For example, if you choose an 'Active' and an 'Expired' token, the 'Disable' action won't be available since expired tokens can't be disabled. However, actions like 'Delete' and 'Regenerate' will remain accessible since active and expired tokens can undergo these changes.
This new approach streamlines your token management process, making it easier to enact large-scale changes or quickly adjust to new requirements.
Rate Limiting
Rate limiting is only available for paid accounts.
What is Rate Limiting?
Rate limiting is the mechanism that restricts the amount of data an access token can send to Rollbar within a specific time window. You can learn more by visiting our rate limiting documentation.
System-Defined Rate Limiting
Rollbar imposes a system-defined rate limit of 50,000 API requests per 1 minute, which acts as the upper boundary for data intake.
User-Defined Rate Limiting
Paid users can set their own rate limits, up to the system limit of 50,000 API requests per 1 minute. These can be customized for various time frames, including 1 minute, 5 minutes, 30 minutes, 1 hour, 1 day, 1 week, and 30 days.
Token Status
Understanding the status of your access tokens is crucial for effective project management and security. On the project access token page, you'll notice a 'Status' column color-coded to represent the current state of each token. We've introduced five key statuses to guide you:
Active
Active tokens are fully operational and can be employed for all authorized data interactions based on their scopes.
Disabled
If a token is compromised or being misused, it can be disabled. Once disabled, Rollbar will no longer accept data sent via this token and will return a 403 response code. You can disable a token via the context menu at the end of the token’s row in the table or by bulk-selecting multiple tokens. Disabled tokens can be re-enabled at any time.
Expiring Soon
A token with an ‘Expiring Soon’ status is still fully operational, just like an ‘Active’ token, but has an expiration date within one month. When the expiration date is reached, the token will get an ‘Expired’ status and become inoperable.
You cannot set token expiration dates; it is an internal Rollbar feature used in particular circumstances.
Expired
Tokens with an 'Expired' status are inoperable and cannot be reactivated or modified. They are retained in your project records primarily for historical reference. Expired tokens can also be easily regenerated if necessary, retaining their original configurations, such as scope and rate limits.
This feature offers a convenient way to manage your tokens effectively and avoid any potential issues that may arise during your project.
Token Regeneration
Single Token Regeneration
On the project access token page, you'll notice an option to regenerate an expired token in that token's list item. This feature regenerates the single token, duplicating its scope, title, and rate limit.
Project Regeneration
On the project access token page, if you have expired tokens, you'll notice an option to "Regenerate Expired Tokens." This feature allows you to regenerate all expired tokens related to that specific project. When a token is regenerated, it will inherit the original token's title, scope, and rate limits but with a new key to replace the expired one.
Account Regeneration
For a more comprehensive approach, Rollbar offers an account-level regeneration feature. On the project list page, a banner will be displayed that allows you to view a modal explaining the step-by-step process of regenerating all expired tokens across all projects within the account. After regenerating, you will be given the option to download a CSV file that contains the details of all newly regenerated tokens. This could be extremely helpful for updating SDKs in one go.