The developer-ready Client API endpoints can be accessed via one of two types of Bearer tokens: OAuth Access Tokens issued by an SSO provider or Glean-issued tokens. Both methods can be used concurrently, but we recommend using OAuth access tokens for a more secure authentication for Client API requests, scoped to the individual user itβs issued to.
Only admins have access to these settings. To access it, navigate to this link, or do the following:
You can create tokens in Gleanβs Client API Settings. This option is only accessible to admins. To access it:
The newly created token secret will only be visible once after its creation. Please ensure you save it securely as you wonβt be able to retrieve it later.
Each token should have one associated permission and one or more scopes to be usable.
The permissions and scopes assigned to a token cannot be changed after the token is created. Carefully select these attributes during token creation.
Permissions define the ability of the token to act on behalf of a user. The available options are:
These tokens can make API calls on behalf of any user in the system. To identify the user for each API call, the X-Glean-ActAs
HTTP header must be included, specifying the userβs email address.
Tokens with GLOBAL
permissions can only be created by Super Admin users.
These tokens can make API calls on behalf of a particular user. The user email is fixed while creating the token. The X-Glean-ActAs
HTTP header must be empty.
These tokens can make API calls on behalf of an anonymous user. The X-Glean-ActAs
HTTP header must be empty.
ANONYMOUS
permissions are supported only for a few endpoints as of now.
Please contact Glean support if youβre interested to use such tokens.
Scopes define the endpoints that are available to a token. A client API token can have one or more of the following scopes:
Scope | Description |
---|---|
ACTIVITY | Can access datasource user activity collection endpoints. |
AGENTS | Can access Glean Agents related endpoints. |
ANNOUNCEMENTS | Can access Glean Announcements related endpoints. |
ANSWERS | Can access Glean Answers related endpoints. |
CHAT | Can access GleanChat related endpoints. |
COLLECTIONS | Can access Glean Collections related endpoints. |
DOCPERMISSIONS | Can access the Glean Document Permissions related endpoints. |
DOCUMENTS | Can access endpoints related to Glean documents. |
ENTITIES | Can access endpoints related to entities. |
FEED | Can access Glean Feed related endpoints. |
FEEDBACK | Can access user feedback related endpoints. |
INSIGHTS | Can access insights related endpoints. |
PEOPLE | Can access Glean people related endpoints. |
PINS | Can access Glean pins related endpoints. |
SEARCH | Can access endpoints related to search queries and autocomplete. |
SHORTCUTS | Can access shortcuts feature (aka GoLinks) related endpoints. |
SUMMARIZE | Can access AI summary related endpoints. |
VERIFICATION | Can access endpoints related to document verification feature. |
When you create a token, you will select the permission and scope(s) in the βAdd Client API Tokenβ dialogue box as described in the token creation steps.