Create a bot (service account) user with an API token

You can create a bot user, to prevent a scenario where human users attempt to refresh an expired API token, causing your integration or API access to stop working. A bot user does not expire.

We also refer to a bot user as a service account since it is not associated with any individual person.

Note: If you do not have administrative permissions in SecurityScorecard, ask an administrator to create the user and API token for you.


  1. In SecurityScorecard, click your profile avatar and select My Settings.
  1. On the People Management tab under Admin Settings, click Invite People
  1. Make the new user a bot so that it will not expire. This prevents a scenario where human users attempt to refresh an expired API token, causing the integration to stop working.
  2. Name the bot user and select the desired Access Level (here Read Only if the purpose is only to retrieve/get data from the platform). Then click Add User.
  1. Click Create API token for the new bot user.
  1. Click Confirm.
  1. Copy the API token and click Done. Store the token securely.

Did this page help you?