Faros authenticates to sources using Connections. Connections can be created when creating a source, or from the Connections page. The page allows you to manage all of your existing connections and see when they were last modified. If a connection is edited, all sources using it to authenticate will pick up the changes. Similarly, if you choose to delete a connection all sources using it will stop pulling data. It is also possible to create different connections for a given scope with different permissions.


To create a new connection, first provide a unique name and source type.


Depending on the source you are connecting, additional fields will appear. Certain sources require a specific set of permissions before Faros can authenticate to them. To find out if certain permissions are required, hover over the help icon next to the API key or token input. For some of these connections, Faros will check if your tokens are correctly scoped. You can skip these checks by toggling the validation functionality off.


Once you have created a connection, all future sources can use it to authenticate.

API token requirements

Faros uses API tokens to periodically pull metadata; define token expiration according to your company policy and automation.


Token requirements


Provide GitHub API token with read permissions: repo, read:org, read:user

GitHub Enterprise

Provide GitHub API token with read permissions: repo, read:packages, read:org, read:discussion, read:user, user:email, read:enterprise

GitLab, GitLab CE/EE

Provide GitLab personal access token token with read permissions: read_api


VCS: Provide Bitbucket "App Password" with read permissions: Pull Requests : read, Issues: read, Workspace membership :read, Projects: read, Repositories: read

CICD: Provide Bitbucket "App Password" with read permissions: Pipelines: read, Repositories, read


Provide Buildkite API access token with the following read permissions: Organization Access, Read Organizations, Read Pipelines, Read Builds, GraphQL API Access


Provide valid AWS credentials with the following permissions: codedeploy:ListDeployments, codedeploy:BatchGetDeployments

Docker Registry

Provide a docker token with the scope read_api


Provide a Sentry token with scope org:read, project:read.

Jira Cloud, Jira Server/DC

The integration user needs application access to Jira, the 'Browse Users' global permission, and the 'Browse Project' and 'View Development Tools' permissions for each project


Create a Read Only API key by navigating to (instructions)


Integration user should have the roles: sn_incident_read, cmdb_query_builder_read (details on roles)


Create an API key with "Read" and "Configuration access" rights. See the documentation


Create an API key with a user that has an access level with 'View Only' permissions for the following fields on all employees: Basic Info -> First Name, Last Name; Address -> all fields; Contact -> Work Email; Hire Date; Job Information -> Job Title, Reporting to, Department


Create a Conduit API token with either a bot user or a regular user with visibility into the desired projects and repositories.


Create an API key with a user that has 'Browse' permissions for each project. See the documentation

other connections

Please reach out to [email protected] with questions.

Did this page help you?