Organization Access Tokens
Using Organization Access Tokens (OATs) allows you to automate most of Phaset.
Being long-lived, impersonal credentials, they enable you, or a system, to perform actions in Phaset over the API without using your personal JWT credentials. Note that OATs, while powerful, cannot perform all actions: in particular, they cannot perform actions that allow privilege escalation, or any of the most destructive actions.
Use cases
Organization Access Tokens are ideal for automation scenarios where human interaction isn’t practical or desired. Here are examples of what you could do with OATs:
Automated Compliance Reporting
Schedule regular jobs to fetch standards compliance data, health scores, and DORA metrics for reporting dashboards or compliance systems. This enables continuous monitoring without manual intervention.
Infrastructure as Code
Manage your Phaset metamodel (domains, groups, systems) programmatically alongside your infrastructure definitions. This ensures your architecture documentation stays in sync with your actual systems.
Third-Party Integrations
Connect Phaset to external tools like monitoring systems, incident management platforms, or custom internal tools. OATs provide a secure way for these systems to read and write data without requiring individual user credentials.
Webhook Processors
Build automated workflows that respond to events from other systems. For instance, automatically update catalog records when receiving webhooks from your version control system, or create baselines when new standards are published.
Batch Operations
Perform bulk operations across multiple records, such as updating metadata for all services in a domain, or generating reports for all systems owned by a particular team.
Service Accounts for Applications
Give your internal applications their own credentials to interact with Phaset, following the principle of least privilege by granting only the specific permissions each application needs.
Managing OATs
It’s easy to manage (create, update, delete, view) your Organization Access Tokens. In the web application, you will find them under Organization settings > Tokens.

By default, tokens exist for a maximum of 180 days.
Using an OAT in an API call
When calling the Phaset API, you will need to use the format OAT#{ORGANIZATION_ID}#{TOKEN} in the Authorization header. Substitute your own values for the placeholders in curly braces. The leading “OAT” part is case-insensitive.
For example, if you have an OAT that can get information on the organization, it would be used like this with curl:
curl --request GET \
  --url {API_ENDPOINT}/organization/{ORGANIZATION_ID} \
  --header 'Authorization: Bearer {OAT_TOKEN}'
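The same call as an added shell example (not Phaset's own code) that builds the OAT#{ORGANIZATION_ID}#{TOKEN} value, rejects malformed parts, and passes the header to curl on stdin so the long-lived token does not show up in the process list or shell history. Assumptions: the environment variable names PHASET_API_ENDPOINT, PHASET_ORG_ID and PHASET_OAT are made up here, {OAT_TOKEN} in the call above is taken to be the full OAT#...#... string, and '#' is assumed not to occur in the organization ID.

```shell
#!/usr/bin/env bash
# Added example, not Phaset's own code. Assumptions: the env var names below,
# and that {OAT_TOKEN} in the page's curl call is the full OAT#...#... string.

# Build OAT#{ORGANIZATION_ID}#{TOKEN}. Fails on an empty part, on whitespace or
# control characters (header injection), and on '#' in the organization ID
# (assumed here to be the separator only).
oat_credential() {
  local org="$1" token="$2"
  case "$org" in ''|*'#'*|*[[:space:][:cntrl:]]*) return 1 ;; esac
  case "$token" in ''|*[[:space:][:cntrl:]]*) return 1 ;; esac
  printf 'OAT#%s#%s' "$org" "$token"
}

# Header line in the shape of the page's curl example.
oat_header() {
  local cred
  cred="$(oat_credential "$1" "$2")" || return 1
  printf 'Authorization: Bearer %s' "$cred"
}

# Mask the secret part before a line is logged; the "OAT" prefix is matched
# case-insensitively because the API accepts it in any case.
oat_redact() {
  sed -E 's/([Oo][Aa][Tt]#[^#[:space:]]+#)[^[:space:]]+/\1***REDACTED***/g'
}

# GET the organization record. The header reaches curl on stdin (--header @-,
# curl >= 7.55.0), so the token never appears in curl's argument list.
phaset_get_organization() {
  local header
  header="$(oat_header "$PHASET_ORG_ID" "$PHASET_OAT")" || {
    echo "refusing to send malformed OAT" >&2; return 1; }
  printf '%s\n' "$header" | curl --fail --silent --show-error \
    --request GET \
    --url "${PHASET_API_ENDPOINT}/organization/${PHASET_ORG_ID}" \
    --header @-
}
```

Load PHASET_OAT from your CI system's secret store rather than a committed file, and call phaset_get_organization after sourcing the script.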