Authentication

Attention

The endpoints under Full Platform preview can't be accessed using Bearer Tokens.

The developer-ready Client API endpoints can be accessed via Bearer tokens. You can create tokens using Glean's Workspace Settings. This option is only accessible to workspace admins. To access it: Client API Token UI

  1. Click on your profile image located in the top right corner.
  2. From the dropdown, select Workspace Settings . This will open up the Workspace settings page.
  3. On the left sidebar, navigate to Setup and select API Tokens .
  4. In the API Tokens page, select the Client Tokens tab. Here you can see a list of all token metadata (note that the token itself won't be visible).
  5. To create a new token, click Add New Token . In the dialogue box, fill in appropriate values for Description, Permissions, Scopes, and Expires fields, then click Save .
Important Note

The newly created token secret will only be visible once after its creation. Please ensure you save it securely as you won't be able to retrieve it later.

Selecting Permissions and Scopes

Each token should have one associated permission and one or more scopes to be usable.

Note

The permissions and scopes assigned to a token cannot be changed after the token is created. Carefully select these attributes during token creation.

Permissions

Permissions define the ability of the token to act on behalf of a user. The available options are:

GLOBAL

These tokens can make API calls on behalf of any user in the system. To identify the user for each API call, the X-Scio-ActAs HTTP header must be included, specifying the user's email address.

Note

Tokens with GLOBAL permissions can only be created by Super Admin users within your company's workspace.

USER

These tokens can make API calls on behalf of a particular user. The user email is fixed while creating the token. The X-Scio-ActAs HTTP header must be empty.

ANONYMOUS

These tokens can make API calls on behalf of an anonymous user. The X-Scio-ActAs HTTP header must be empty.

Note

ANONYMOUS permissions are supported only for a few endpoints as of now. Please contact Glean support if you're interested to use such tokens.

Scopes

Scopes define the endpoints that are available to a token. A client API token can have one or more of the following scopes:

  • ACTIVITY : Can access datasource user activity collection endpoints.
  • ANNOUNCEMENTS : Can access Glean Announcements related endpoints.
  • CHAT : Can access GleanChat related endpoints.
  • ANSWERS : Can access Glean Answers related endpoints.
  • COLLECTIONS : Can access Glean Collections related endpoints.
  • ENTITIES : Can access endpoints related to entities.
  • FEEDBACK : Can access user feedback related endpoints.
  • INSIGHTS : Can access insights related endpoints.
  • PEOPLE : Can access Glean people related endpoints.
  • PINS : Can access Glean pins related endpoints.
  • SEARCH : Can access endpoints related to search queries and autocomplete.
  • SHORTCUTS : Can access shortcuts feature (aka GoLinks) related endpoints.
  • SUMMARIZE : Can access AI summary related endpoints.
  • VERIFICATION : Can access endpoints related to document verification feature.

When you create a token, you will select the permission and scope(s) in the "Add Client API Token" dialogue box as described in the token creation steps.