Managing API Tokens
Manifest's APIs allow you to easily bring all of Manifest's functionality to your automated workflows. This ability is limited to team members with Admin or Member roles.
Notice as of August 11, 2025: Manifest is transitioning to user level tokens. Organization level tokens will be fully deprecated after the last org level token expires for users.
Creating a New API Token
- Go to Settings -> Account -> API Tokens
- Click the "Create new token" button in the top right.
- Fill in your token details:
- Token name (*Please note that this must be a unique name)
- Description (Optional)
- Scope selection
- Expiration length.
- All Manifest API Tokens expire within 1 year. We highly recommend setting the expiration time to <3 months for security reasons. Reminders will be sent to your email as the expiration date approaches.
- Click "Create" to generate your token and make sure you to save it immediately.
Copy your API token immediately and store it securely - you won't be able to see it again after leaving this screen.
Using Your API Token
Once you've created your token, you can use it to:
- Authenticate the Manifest CLI
- Set up Github Actions
- Configure automated SBOM and AIBOM workflows using our APIs: https://api-docs.manifestcyber.com/
For security reasons, we recommend that each integration should use a unique API token so you can track and manage access individually.
FAQs
-
What happens to my tokens if my role changes? If a role is downgraded in permissions, for security reasons, the user's tokens will be deleted.
-
How do I upload an SBOM to a specific sub-organization?
- Generate a unique API token for each sub-organization you have access to.
- Use that token when making requests for the corresponding sub-organization.
👉 Using tokens this way removes the need to pass an (sub)organization ID as a parameter.
Updated 6 days ago