Connections
Faros authenticates to sources using Connections. Connections can be created when creating a source, or from the Connections page. The page allows you to manage all of your existing connections and see when they were last modified. If a connection is edited, all sources using it to authenticate will pick up the changes. Similarly, if you choose to delete a connection all sources using it will stop pulling data. It is also possible to create different connections for a given scope with different permissions.
To create a new connection, first provide a unique name and source type.
Depending on the source you are connecting, additional fields will appear. Certain sources require a specific set of permissions before Faros can authenticate to them. To find out if certain permissions are required, hover over the help icon next to the API key or token input. For some of these connections, Faros will check if your tokens are correctly scoped. You can skip these checks by toggling the validation functionality off.
Once you have created a connection, all future sources can use it to authenticate.
API token requirements
Faros uses API tokens to periodically pull metadata; define token expiration according to your company policy and automation.
| Source | Token requirements |
|---|---|
| Asana | Provide a Personal Access Token. See the Asana documentation for instructions on creating the token. |
| Azure Repos | Provide access token with the following permissions: Code (Read), Graph (Read). |
| BambooHR | Create an API key with a user that has an access level with 'View Only' permissions for the following fields on all employees: Basic Info -> First Name, Last Name; Address -> all fields; Contact -> Work Email; Hire Date; Job Information -> Job Title, Reporting to, Department |
| Bitbucket | VCS: Provide Bitbucket "App Password" with read permissions: Accounts: read, Pull Requests: read, Issues: read, Workspace membership: read, Projects: read, Repositories: read CICD: Provide Bitbucket "App Password" with read permissions: Pipelines: read, Repositories, read |
| Buildkite | Provide Buildkite API access token with the following read permissions: Organization Access, Read Organizations, Read Pipelines, Read Builds, GraphQL API Access |
| ClickUp | Provide a Personal API token. See the ClickUp documentation for instructions on creating the token. |
| CircleCI | Provide a Personal API token. See the CircleCI documentation for instructions on creating the token. |
| CodeDeploy | Provide valid AWS credentials with the following permissions: codedeploy:ListDeployments, codedeploy:BatchGetDeployments |
| Datadog | Provide an API token and Application key with scopes: user_access_read, incident_read |
| Docker Registry | Provide a docker token with the scope read_api |
| GitHub | Provide GitHub API token with read permissions: repo, read:org, read:user |
| GitHub Enterprise | Provide GitHub API token with read permissions: repo, read:packages, read:org, read:discussion, read:user, user:email, read:enterprise |
| GitLab, GitLab CE/EE | Provide GitLab personal access token token with read permissions: read_api |
| Jira Cloud, Jira Server/DC | The integration user needs application access to Jira, the 'Browse Users' global permission, and the 'Browse Project' and 'View Development Tools' permissions for each project |
| Opsgenie | Create an API key with "Read" and "Configuration access" rights. See the documentation |
| Octopus Deploy | Provide an Octopus Deploy API token. Octopus does not have permission scopes on their API tokens. |
| PagerDuty | Create a Read Only API key by navigating to https://<your-org>.pagerduty.com/api_keys (instructions) |
| Phabricator | Create a Conduit API token with either a bot user or a regular user with visibility into the desired projects and repositories. |
| Sentry | Provide a Sentry token with scope org:read, project:read. |
| ServiceNow | Integration user should have the roles: sn_incident_read, cmdb_query_builder_read (details on roles) |
| SonarCloud | Create a token with a user that has 'Browse' permissions for each project. See the documentation |
| SonarQube | Create a token with a user that has 'Browse' permissions for each project. See the documentation |
| other connections | Please reach out to [email protected] with questions. |
Updated about 2 months ago