Obtain the required tokens for setup

To set up the Code Agent wtih the Broker client, you need the following tokens:

  • Snyk API token - this token is required for the Code Agent setup. It is used in the -e SNYK_TOKEN parameter to authenticate the Code Agent component with your Snyk Account. See How to obtain your Snyk API token and Set up the Code Agent.

  • Broker token - this token is required for the Broker client setup. It is used in the -e BROKER_TOKEN parameter. The Broker token is associated with a specific Organization by default and with a specific integrated SCM, and enables Snyk Broker deployment for this Organization and SCM. For each SCM, a different Broker token is required. For details, see Obtain your Broker token for Snyk Broker - Code Agent.

  • Integrated SCM token - this token is required for the Broker Client setup. It is used in the -e <SCM>_TOKEN parameter, or example, -e GITHUB_TOKEN=xxx…, to enable access to the SCM with certain permissions needed for the operation of the Broker and Snyk Code. See Obtain your SCM token.

After you have obtained the required tokens, save them in a safe and accessible place. When you start setting up the Code Agent and the Client Broker components, you will need to use these tokens.

Obtain your Broker token for Snyk Broker - Code Agent

You have the following options for obtaining the Broker token:

  • Using an existing Broker token for the Code Agent setup - if you already have a Broker token, which you used for running the Broker client for another Snyk product in the same Organization and the same SCM, you can also use it to set up Snyk Broker - Code Agent.

  • Using the same Broker token for multiple Snyk Organizations - Although by default a Broker token is associated with only one Snyk Organization, if you have Organization Admin permissions, you can use the same Broker token for multiple Organizations as follows:

    • A new Organization - if you create a new Organization based on an existing Organization that has a Broker token, the existing Broker token is cloned during creation of the new Organization, and you can use it for the new Organization as well.

    • An existing Organization – if you want to use an existing Broker token for other existing Organizations, you can use the Clone an integration API v1 endpoint. This API clones existing integration settings, including the Broker token of the Integration.

  • Using a Broker token for redundancy - if you set up two Broker Clients for the same Organization and the same SCM for redundancy purposes, you must use the same Broker token for both Broker clients. You can obtain the Snyk Broker token in the following ways:

    • Recommended: ask your Snyk account team to generate a Broker token for you, and then obtain it from the Web UI.

    • Generate the Broker token using Snyk APIs (see the instructions that follow).

After a Broker token is generated by either method, you can obtain your Broker token from the Web UI.

Generate your Broker token using the Snyk API

You can generate the Broker token by using the Snyk v1 API as follows:

  1. Use the Update Existing Integration API v1 endpoint to enable Snyk Broker for a specific Organization and a specific SCM. This generates a Broker token in the UI.

  2. To generate a Broker token programmatically, after enabling Snyk Broker, use the Provision new Broker token API v1 endpoint, to generate a Broker token. You can see the generated Broker token in the API response body and on the Web UI.

  3. Copy and save the Broker token and store it in a secure location for future use, or obtain it later using the Web UI.

Obtain your Broker token from the Web UI

Your Broker token is displayed on the Web UI after it is generated. Follow these steps to obtain the token.

  1. In the Snyk Web UI, select the Organization for which you want to set up the Snyk Broker.

  2. In the selected Organization, select Integration. Find the Integration to which you want to connect Snyk Broker, and click the Settings icon.

  3. On the Settings page of the selected Integration, in the Broker Credentials section, copy the Broker token from the Token box and save it for future use:

Obtain your SCM token

To obtain your SCM token, follow the instructions provided by the SCM you want to integrate with the Snyk Broker, and create a token with the required permissions.

The following SCM tokens are required for the different SCMs:

GitHub and GitHub Enterprise:

GITHUB_TOKEN= - a GitHub personal access token. Scopes: repo, read:org and admin:repo_hook.

See GitHub documentation - Creating a personal access token__


GITLAB_TOKEN= - a GitLab personal access token. Gitlab account with Maintainer permissions. Scope: api.

See Gitlab documentation - Personal access tokens__

Azure Repos:

AZURE_REPOS_TOKEN= - an Azure Repos personal access token. Scopes: Custom defined, ** Code: ** Read & write.

See Azure Repos documentation - Use personal access tokens__

Bitbucket Server/Data Center:

BITBUCKET_USERNAME=, BITBUCKET_PASSWORD= – the Bitbucket Server username and password or a Bitbucket Server personal access token. Scope: Repository admin.

See Bitbucket Server documentation - Personal access tokens\

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.