Your instrumentation use access tokens to identify the project the tracer is reporting for. Microsatellites need this token to accept and store span data from the tracer. Reports from clients with invalid or deactivated access tokens will be rejected on ingress.

If you’re using a Developer Mode Satellite, the access token is developer.

Why have more than one access token

Access tokens tell the tracer which Lightstep Observability project to report to. You may want to create more than one token when you want fine-grained control over the data your services send to Lightstep Observability. For example, you can have separate tokens for your clients and backend services. This way, if you have key rotation policies for public services (i.e. web or mobile clients), you can disable only that one and deploy a new token without affecting the other clients’ reporting or having to roll out changes in multiple places.

Create an access token

You create access tokens for projects from the Project Settings page. Access tokens allow the Microsatellites to report data to a specific Lightstep Observability project.

To create an access token:

  1. Choose the project to create the access token for.

  2. From the Navigation Bar, click Project Settings.

  3. In the Access Tokens table, click Create New.

    A new row in the table is created with a token. By default, tokens are not given a name.

    It may take up to 5 minutes for the token to propagate to all active Microsatellites.

  4. To name the token, click Rename, enter a name, and click Rename Token.

Disable/enable an access token

You can disable access tokens when needed. Disabled tokens can be reactivated.

To disable an access token, in the Access Tokens table, click Disable for the token.

You can view all disabled tokens using the switch at the top of the table.

Reactivate a disabled token by clicking Enable.

It may take up to 5 minutes for the disable/enable signal to propagate to all active Microsatellites.