Learn about Service Access Tokens and how they enable centralized, secure access to RudderStack APIs at the organization or workspace level.
Available Plans
starter
growth
enterprise
3 minute read
This guide explains the concept of Service Access Tokens in RudderStack’s Access Management system. It also describes the steps to generate them and manage their permissions.
Overview
A Service Access Token (SAT) enables applications to access RudderStack APIs. It provides a flexible, secure, and centralized way for you to programmatically interact with resources and services in the RudderStack platform.
Unlike Personal Access Tokens which are tied to individual users, SATs provide centralized access to resources within an organization or workspace, ensuring continuity and reducing the risk of disruptions when members are removed or their roles change.
Operations performed with SATs are logged and audited against the SAT, ensuring that activities are traceable to the token rather than an individual user.
Personal Access Tokens vs. Service Access Tokens
Personal Access Tokens (PAT)
Service Access Tokens (SAT)
Tied to a specific user within a workspace.
Not tied to an individual user.
Used for individual tasks and testing.
Used for centralized, shared access and production use cases.
Any processes dependent on these tokens will break if the user is removed from the organization or a breaking change is made to their permissions.
Exist at an organization or workspace level, ensuring continuity in essential workflows and pipelines using these tokens.
RudderStack recommends using:
SATs for your production use cases that require shared access to the services and resources across the organization or workspace.
PATs for testing a service/feature or personal use cases.
Service Access Token types
You can generate the following two types of SATs in RudderStack:
Organization-level SATs
Organization-level SATs are associated with the entire organization and have Admin permissions by default.
Workspace-level SATs are linked to a specific workspace. Their usage is restricted to workspace-level resources (sources, destinations, transformations, Tracking Plans, etc.) and APIs.
You cannot use workspace-level SATs to interact with organization-level functionalities like Audit Logs or SCIM provisioning.
Generate Service Access Token
Go to Settings > Access Management > Service Access Tokens.
Only Admins can see the Service Access Tokens tab and create or delete Service Access Tokens.
This site uses cookies to improve your experience while you navigate through the website. Out of
these
cookies, the cookies that are categorized as necessary are stored on your browser as they are as
essential
for the working of basic functionalities of the website. We also use third-party cookies that
help
us
analyze and understand how you use this website. These cookies will be stored in your browser
only
with
your
consent. You also have the option to opt-out of these cookies. But opting out of some of these
cookies
may
have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This
category only includes cookies that ensures basic functionalities and security
features of the website. These cookies do not store any personal information.
This site uses cookies to improve your experience. If you want to
learn more about cookies and why we use them, visit our cookie
policy. We'll assume you're ok with this, but you can opt-out if you wish Cookie Settings.
