SignalFx Developers Guide

API Authentication

SignalFx REST requests use token-based authentication. The token is a SignalFx-supplied string you specify in the X-SF-TOKEN REST request header parameter. SignalFx uses two types of tokens:

Org tokens

Known as Access Tokens in the SignalFx web UI, org tokens are long-lived organization-level tokens.

Session tokens

Known as User API Access Tokens in the SignalFx web UI, session tokens are short-lived user-level tokens.

Obtaining tokens

Both the web UI and the API have ways to manage tokens.

Web UI

To get the org token for your organization, go to the Organization Overview in the SignalFx web UI and click the Access Tokens option. SignalFx administrators can also get a new token or manage organization tokens in this location.

To get a session token, go to your profile page to generate a User API Access Token.


The endpoint https://api.{REALM} manages session tokens. You don’t need a token to create a session token, but you do need to specify the email and password of an organization member.

The endpoint https://api.{REALM} manages org tokens. To use this endpoint, you need an existing access token for an organization member.

Tokens and usage limits

Org tokens can also control resource usage for your SignalFx account. This is described in detail in the topic Org Token Limits.

More information

To learn more about tokens, read the topic Authentication Tokens.

© Copyright 2020 Splunk, Inc.

Third-party license information