ComplianceScout.ai
Sign InFree Trial

API tokens

Issue and revoke long-lived tenant tokens for SCIM provisioning and agent access.

Identity & access

API tokens are long-lived tenant credentials for SCIM provisioning (read/write users and groups) and agent access to compliance data — read-only, or execute for mutating actions. The list shows each token's name, scopes, prefix, last-used time, and creation date, with a revoke action. Tokens are shown in full only once, at creation.

How to use it

  1. Open Settings → API tokens and click New token.

  2. Give the token a descriptive name (for example, "CI pipeline").

  3. Select at least one scope: SCIM read, SCIM write, read-only agent access, or execute agent access. Execute also requires AI mutations to be enabled in settings before any action runs.

  4. Click Create token, then copy the value immediately — it is shown only once.

  5. Revoke a token from its row when it's no longer needed; revocation takes effect immediately.

Tips

  • Revoking a SCIM token breaks any IdP feed using it — confirm nothing depends on it first.
  • Revoked tokens stay listed (muted) for audit history.

Related

Open API tokens in the app

Jump straight to the feature, or browse the rest of the guides.

Go to API tokensAll feature guides →