Profile
The Profile page allows you to:
edit your Xygeni profile data and change your password
configure Two-Factor Authentication (2FA)
create Xygeni Access Tokens
Xygeni allows you to configure email-based Two-Factor Authentication either only for yourself or for all the users of the Xygeni account.
When 2FA is configured, after providing your credentials on the Xygeni login page, you will receive an email with a code.
Provide that code to complete your login.
An Access Token (also known as 'API token' or 'API key') is used by clients, like the scanner or integrations, to access the Xygeni platform API. It expires automatically after a predefined duration and can be revoked. It is more convenient than the alternative, user credentials.
The token allows the client to perform certain operations, according to the permissions set:
Upload scan results.
Read issues.
Mute issues.
Administration: add users, add projects
To create a token in the Xygeni Dashboard, go to the Administration > Security tab, then click on the Generate new token button.
Describe what the token will be used for, choose the validity period, and select the permissions granted to the token. Click on the Generate button:
Each permission enables the client to invoke certain API endpoints. The scanner typically needs permissions to upload the scan results.
For administrative users who may configure the detectors and upload the configuration to be shared by other deployed scanners, add the Upload configuration permission.
It is recommended to follow the principle of least privilege. Give the token the minimal permissions needed for the intended tasks.
The token is generated, as shown:
Please note that the token itself is not stored by the platform, and cannot be shown again once the popup is closed. Make sure that you copy the token for use in the scanner, integrations or other API clients.
For example, for the scanner you may write it in the api:
It is recommended to encrypt the credentials in the scanner configuration using the command xygeni util encrypt.
The token is prefixed by xya_ (xygeni api) so that secret scanners can recognize it and detect any leaks.
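A leak check built on the xya_ prefix, as an added example that is not Xygeni's own code. The token body pattern (20 or more URL-safe characters), the variable name XYGENI_TOKEN and the sample file contents are assumptions made for illustration; only the prefix comes from this page.

```python
import re
from typing import NamedTuple

# Assumption: this page documents only the "xya_" prefix. The body pattern
# (20 or more URL-safe characters) is a guess; tighten it to the real format.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])xya_[A-Za-z0-9_\-.]{20,}")


class Finding(NamedTuple):
    source: str
    line: int
    redacted: str


def redact(token: str) -> str:
    """Keep the prefix and last 4 characters so reports do not leak the token."""
    return f"xya_{'*' * 8}{token[-4:]}"


def scan_text(source: str, text: str) -> list:
    """Return one Finding per token-like match, with 1-based line numbers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append(Finding(source, lineno, redact(match.group())))
    return findings


# Constructed sample input: a prose mention of the prefix, a hard-coded
# token, an environment-variable reference, and a token pasted into notes.
# Both token values are made up and the variable names are hypothetical.
SAMPLE = """\
# tokens start with xya_ (see docs)
export API_TOKEN="xya_Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA"
export API_TOKEN="${XYGENI_TOKEN}"
token = "xya_c2FtcGxlLXRva2VuLWZvci10ZXN0cw"
"""

if __name__ == "__main__":
    for f in scan_text("ci.sh", SAMPLE):
        print(f"{f.source}:{f.line}: possible Xygeni access token {f.redacted}")
```

Only the two hard-coded values are reported; the bare prefix in the comment and the environment-variable reference are not. A token found this way should be revoked and regenerated.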