wave
rectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundProduct updates

Updated API Tokens new management features: in partnership with GitHub –Secret Scanning, Prefixes, and more!

authorAndrew Starr-Bochicchio
Posted: April 18, 20222 min read

Today, we are excited to highlight our new API access tokens to boost token management to help improve security and automation. If you’ve recently generated an API access token you’ve likely noticed a few convenient updates.

We recommend you revoke any old tokens and re-generate your existing tokens at your earliest convenience to receive the following benefits.

Secret scanning GitHub partnership

We are excited to announce that we partnered with GitHub to take part in their secret scanning program. GitHub regularly scans code repositories they host to identify API tokens and other secrets accidentally committed to public repositories.

Now, when using the new DigitalOcean API tokens, GitHub is able to notify us so we can take action to protect your account. When an API token has been publicly exposed, we will automatically revoke it and notify you to help you mitigate the impact of the leak.

Distinct tokens improve readability and automation

The new token format has prefixes to easily identify them from other tokens. You can parse your tokens reading or programmatically if you prefer.

Many use API tokens to trigger DevOps flows or desired events and the new prefixes make automation easier. You can now scan for tokens having the expected prefix.

Tip: there are three patterns of prefixing depending on where a token was generated.

Find unused tokens with Last Used At

We want to enable you to make better-informed decisions about tokens you revoke. The control panel now displays when a token was last used to access the API. Quickly find and revoke unused tokens without fear of impacting a production service.

Set expiration date

Tracking your API tokens can be a pain, and stray tokens left on a server or developer’s machine can pose major security risks.

We now support setting an expiration date when generating personal access tokens in the control panel. Shorter-lived tokens help to ensure they can’t be used in attacks without manually revoking.

Only newly generated API access tokens will have the new improvements and other upcoming features.

We encourage you to revoke any old tokens no longer in use and re-generate your existing tokens at your earliest convenience.

Happy coding,

Andrew Starr-Bochicchio

Senior Software Engineer II

Share

You've got unique business needs. We've got powerful solutions to meet them. Chat with us to get started.Contact sales

Related Articles

Announcing new Basic Premium Droplet plans
product-updates

Announcing new Basic Premium Droplet plans

Harsh Banwait

August 3, 20233 min read

Introducing Spaces Object Storage in Bangalore, India
product-updates

Introducing Spaces Object Storage in Bangalore, India

Kirthi Kumar Devleker

July 10, 20233 min read

Introducing support for DigitalOcean Kubernetes backups with SnapShooter
product-updates

Introducing support for DigitalOcean Kubernetes backups with SnapShooter

DigitalOcean

June 6, 20233 min read

Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.