LGTM Enterprise 1.24.1

Managing access tokens

You create and manage access tokens on your Account settings page in LGTM Enterprise.

To display your Account settings page, log in to LGTM, click your name in the top right of the menu bar, and then click Account settings.

Creating a token

  1. On your Account settings page, scroll down to Your authorized applications section.
  2. Click Create token to display the Create an access token for LGTM page.
  3. At the top of the page, enter a name for the access token. This will be shown on your Account settings page.
  4. Enable the scopes that provide the access you want to encode in this token. Some scopes are available only if you're authenticated using an account with administrator access to LGTM Enterprise, for example: system:read and snapshots:write. For more information about scopes, see Scopes. For full details of the scopes required by each endpoint, see the LGTM API reference.
  5. Click Create access token to display a confirmation screen.
  6. Check that the details are correct and click Allow to generate an access token for your account. Alternatively, click Deny to cancel the action.
  7. Make a secure copy of the token. Once you leave this page you will not be able to redisplay the token data.
  8. Click the arrow to return to your Account settings page. The name and details of the new token are listed in Your authorized applications section.
You should safeguard your access token. It provides the same access to LGTM as your account details.

Testing a token

The simplest way to test your token is to use the /projects endpoint to request a list of all projects you have authorization to view (limited to 100 projects per response). Replace {lgtm-server-url} with the URL for your instance of LGTM Enterprise, and {access-token} with the access token you want to test.

curl -X GET '{lgtm-server-url}/api/v1.0/projects' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'
If you're using the Windows command shell, you need to replace single quotes with double quotes. You should also use the caret symbol (^) as a line continuation character in place of the backslash symbol (\).

Successful 200 response

This example response is taken from LGTM.com, your response will look similar but will list the projects you have authorization to view in LGTM Enterprise. Each response is limited to 100 projects and concludes with a URL you can use to view the next 100 projects:

  "data": [
      "id": 890003,
      "url-identifier": "g/FountainJS/fountain-generator",
      "name": "FountainJS/fountain-generator",
      "url": "https://lgtm.com/projects/g/FountainJS/fountain-generator"
      "id": 890022,
      "url-identifier": "g/d3/d3-interpolate",
      "name": "d3/d3-interpolate",
      "url": "https://lgtm.com/projects/g/d3/d3-interpolate"
      "id": ...,
      "id": 900374,
      "url-identifier": "g/apache/jena",
      "name": "apache/jena",
      "url": "https://lgtm.com/projects/g/apache/jena"
  "nextPageUrl": "https://lgtm.com/api/v1.0/projects?start=AfedU4ccyzfnSHtjxvwRCugyWWWHJreUZtzmoRj2vXSfkOiOcXaOTNWC4acK4VVT31ISIVSZWT21paRQxB4GL91FI2O7oYG4k5inz2dd0QA0WF569x-rMV0NpE9zVXpd-w"

At the end of the response, if you have access to more than 100 projects, the API includes a nextPageUrl. Use this URL to request the next page of results.

Failed response

If there's a problem, you see a failed response:

  • The certificate chain was issued by an authority that is not trusted.

    A security failure blocks your access to the API. You need to talk to your LGTM administrator or IT team about accessing the API securely. An example of a typical security error:

    curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

  • 403 forbidden error response from the API

    This indicates that there was a problem with the access token that you included in the request. The error message tells you what the problem is, for example:

    • An authorization token must be provided to access this part of the API.—Check that your request included an access token.
    • The authorization token you provided was not valid.—Check that you didn't make a copy/paste error when you added your access token to the request.
    • Missing required scopes: [projects:read]—Check that you created an access token with scopes for the endpoints you want to use. On your Account settings page, check that the token includes the scope reported in the error message. If not, create a new token and retry using the new token. For information about the scopes required by different endpoints, see Scopes.

Revoking a token

  1. On your Account settings page, scroll down to the Your authorized applications section.
  2. The table lists all API access tokens for your account and also any OAuth tokens that you've created to allow plugins/extensions to access LGTM data (for example, LGTM for Eclipse).
  3. All API access tokens are associated with the LGTM application, and shown with the name and scope(s) that you specified.
  4. Identify the access token that you want to delete and click the Revoke button for that row.
  5. The access token is revoked immediately and any further API requests made using that token will be rejected.