Project Access Tokens
Managing Project Access Tokens
What is an Access Token?
Access tokens are essential for enabling various data interactions within your Rollbar projects. Each project has its own unique set of access tokens, making them indispensable for routing data through different SDKs.
Scopes
You can find and administer your project access tokens in Project -> Settings -> Project Access Tokens. Project access tokens can have any or all of the following scopes:
Scope | Description |
---|---|
post_server_item | Can perform all POST requests to /deploy/ and /item/. Can also be used to upload source maps (JS, ProGuard, dSYM, Flutter). |
post_client_item | Can perform POST requests to /item/, but only if the item has a client-side platform (browser, mobile). |
read | Can perform all GET requests |
write | Can perform PATCH and DELETE requests. |
New projects are created with four tokens, one with each scope. As client tokens often need to be embedded in publicly visible code (e.g. the HTML source of a page), a good practice is to use a separate client-side token with post_client_item scope, which only permits event sending from client-side platforms.
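The scope table and the client-token recommendation above, turned into a least-privilege check over a token inventory. This is an added example, not Rollbar code or a Rollbar API: the Token record, the audit function, and the sample inventory with its request lists are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

def scopes_allowing(method, path, client_platform=False):
    """Scopes that permit a request per the scope table above, narrowest first."""
    method, allowed = method.upper(), []
    if method == "POST" and path.startswith("/item/") and client_platform:
        allowed.append("post_client_item")
    if method == "POST" and path.startswith(("/item/", "/deploy/")):
        allowed.append("post_server_item")
    if method == "GET":
        allowed.append("read")
    if method in ("PATCH", "DELETE"):
        allowed.append("write")
    return allowed

@dataclass
class Token:  # hypothetical inventory record, not a Rollbar API object
    title: str
    scopes: set
    public: bool  # True if embedded in HTML or a shipped browser/mobile bundle
    requests: list = field(default_factory=list)  # (method, path, client_platform)

def audit(token):
    """Return least-privilege findings for one token (empty list means clean)."""
    findings, used = [], set()
    extra = sorted(token.scopes - {"post_client_item"})
    if token.public and extra:
        findings.append(f"public token exposes scopes: {extra}")
    for method, path, client in token.requests:
        held = [s for s in scopes_allowing(method, path, client) if s in token.scopes]
        if held:
            used.add(held[0])  # credit the narrowest scope that covers the request
        else:
            findings.append(f"no scope permits {method} {path}")
    for scope in sorted(token.scopes - used):
        findings.append(f"unused scope: {scope}")
    return findings

# Constructed sample inventory: titles, placements and requests are made up.
INVENTORY = [
    Token("web-frontend", {"post_client_item", "read"}, True, [("POST", "/item/", True)]),
    Token("ci-deploy", {"post_server_item"}, False, [("POST", "/deploy/", False)]),
    Token("dashboard-sync", {"read"}, False,
          [("GET", "/item/", False), ("PATCH", "/item/", False)]),
]

if __name__ == "__main__":
    for t in INVENTORY:
        print(t.title, audit(t) or "ok")
```

A finding of "public token exposes scopes" is the case the recommendation above is meant to prevent: anything beyond post_client_item in publicly visible code is usable by whoever reads that code.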
Configuration
Each token can also be configured in the following ways:
Title: A title can be added for easy identification.
Scope: Depending on the token's intended use, you can modify the scope.
User-Defined Rate Limit: Custom rate limits can be set if you're a paid user.
Disabling or Deleting: Tokens can be easily disabled or deleted as needed.
Rate Limiting
Rate Limit is only available for Paid Accounts
What is Rate Limiting?
Rate limiting is the mechanism that restricts the amount of data an access token can send to Rollbar within a specific time window. You can learn more by visiting our rate limiting documentation.
System-Defined Rate Limiting
Rollbar imposes a system-defined rate limit of 50,000 API requests per 1 minute, which acts as the upper boundary for data intake.
User-Defined Rate Limiting
For paid users, you can set your rate limits up to the 50,000 API requests per 1-minute system limit. These can be customized for various time frames, including 1 minute, 5 minutes, 30 minutes, 1 hour, 1 day, 1 week, and 30 days.
Disabling Tokens
If a token is compromised or being misused, it can be disabled. Once disabled, Rollbar will no longer accept data sent via this token and will return a 403 response code. You can disable a token by clicking the edit button and selecting the disabled checkbox. Disabled tokens will be displayed in a separate list with the ability to configure or re-enable tokens.
Expired Tokens
An expired token is a particular case of access tokens that can no longer be used to interact with the Rollbar platform. Unlike other types of tokens, expired tokens can neither be re-enabled nor have their configurations modified. However, they can be regenerated or deleted based on the user's requirements.
Single Token Regeneration
On the project access token page, if you have expired tokens, you'll notice an option to regenerate the expired token in the list item of the token. This feature will regenerate the single token, duplicating the scope, title, and rate limit.
Project Regeneration
On the project access token page, if you have expired tokens, you'll notice an option to "Regenerate Expired Tokens." This feature allows you to regenerate all expired tokens related to that specific project. When a token is regenerated, it will inherit the original token's title, scope, and rate limits but with a new key to replace the expired one.
Account Regeneration
For a more comprehensive approach, Rollbar offers an account-level regeneration feature. On the project list page, a banner will be displayed that allows you to view a modal explaining the step-by-step process of regenerating all expired tokens across all projects within the account. After regenerating, you will be given the option to download a CSV file that contains the details of all newly regenerated tokens. This could be extremely helpful for updating SDKs in one go.