Faros authenticates to sources using Connections. Connections can be created when creating a source, or from the Connections page. The page allows you to manage all of your existing connections and see when they were last modified. If a connection is edited, all sources using it to authenticate will pick up the changes. Similarly, if you choose to delete a connection all sources using it will stop pulling data. It is also possible to create different connections for a given scope with different permissions.

To create a new connection, first provide a unique name and source type.

Depending on the source you are connecting, additional fields will appear. Certain sources require a specific set of permissions before Faros can authenticate to them. To find out if certain permissions are required, hover over the help icon next to the API key or token input. For some of these connections, Faros will check if your tokens are correctly scoped. You can skip these checks by toggling the validation functionality off.

Once you have created a connection, all future sources can use it to authenticate.

API token requirements

Faros uses API tokens to periodically pull metadata; define token expiration according to your company policy and automation.

SourceToken requirements
AsanaProvide a Personal Access Token. See the Asana documentation for instructions on creating the token.
Azure ReposProvide access token with the following permissions: Code (Read), Graph (Read).
BambooHRCreate an API key with a user that has an access level with 'View Only' permissions for the following fields on all employees: Basic Info -> First Name, Last Name; Address -> all fields; Contact -> Work Email; Hire Date; Job Information -> Job Title, Reporting to, Department
BitbucketVCS: Provide Bitbucket "App Password" with read permissions: Accounts: read, Pull Requests: read, Issues: read, Workspace membership: read, Projects: read, Repositories: read

CICD: Provide Bitbucket "App Password" with read permissions: Pipelines: read, Repositories, read
BuildkiteProvide Buildkite API access token with the following read permissions: Organization Access, Read Organizations, Read Pipelines, Read Builds, GraphQL API Access
ClickUpProvide a Personal API token. See the ClickUp documentation for instructions on creating the token.
CodeDeployProvide valid AWS credentials with the following permissions: codedeploy:ListDeployments, codedeploy:BatchGetDeployments
Docker RegistryProvide a docker token with the scope read_api
GitHubProvide GitHub API token with read permissions: repo, read:org, read:user
GitHub EnterpriseProvide GitHub API token with read permissions: repo, read:packages, read:org, read:discussion, read:user, user:email, read:enterprise
GitLab, GitLab CE/EEProvide GitLab personal access token token with read permissions: read_api
Jira Cloud, Jira Server/DCThe integration user needs application access to Jira, the 'Browse Users' global permission, and the 'Browse Project' and 'View Development Tools' permissions for each project
OpsgenieCreate an API key with "Read" and "Configuration access" rights. See the documentation
PagerDutyCreate a Read Only API key by navigating to https://<your-org> (instructions)
PhabricatorCreate a Conduit API token with either a bot user or a regular user with visibility into the desired projects and repositories.
SentryProvide a Sentry token with scope org:read, project:read.
ServiceNowIntegration user should have the roles: sn_incident_read, cmdb_query_builder_read (details on roles)
SonarCloudCreate an API key with a user that has 'Browse' permissions for each project. See the documentation
other connectionsPlease reach out to [email protected] with questions.

What’s Next