Programmatic Access Setup

Updated: October 30, 2025

Organizations

Overview

FireTail's programmatic access enables secure, API-based interaction, bypassing the traditional UI interface. This feature uses client credentials with scoped role-based permissions.

Access

Important: Programmatic access is not enabled by default. You must request it from FireTail support.

Initial configuration

Once FireTail support has added the feature to your organization:

  • In the side menu, go to Platform. Select Programmatic Access.
  • Toggle Enable Programmatic Access to on.
  • The client credentials management interface will become available

Creating client credentials

Understanding user scope inheritance

Client credentials are directly tied to the creating user's permissions and access level.

Key inheritance rules:

  • Scope limitation: You can only assign permissions that you currently possess.
  • Dynamic updates: If your user permissions change to "Read Only," all your created credentials automatically become read-only.
  • User deletion impact: If your user account is deleted, all associated client credentials become invalid.

Creating client credentials

  • In the side menu, go to Platform. Select Programmatic Access.
  • Click Create New Client Credential.
  • The credential configuration dialog will open.

Fields:

  • Client credential name: A descriptive name for identification.
  • Description: Detailed explanation of the credential's purpose.
  • Valid to: Expiration date and time for the credential.
  • Timezone: Defaults to your local timezone.

Permissions

Role-Based access control

Admin role

  • Grants full administrative access across all resources.
  • Includes all available scopes for every resource category.

Read only role

  • Grants view-only permissions (get and list operations typically).
  • Cannot modify or delete any resources.

Click Admin or Read Only to automatically apply permissions to all scopes. You can customize individual permissions afterward.

Granular scoped permissions

Scoped permissions

Configure granular access by selecting specific scopes for each resource category:

Available scopes

  • create - Create new resources
  • delete - Delete existing resources
  • get - Retrieve resource details
  • list - List multiple resources
  • run - Execute operations
  • update - Modify existing resources
Resource categories

Each category below can be configured with any combination of the above scopes:

  • Actions
  • AI Models
  • AI Logs
  • AI Messages
  • AI Prompts
  • AI Services
  • Alerting
  • API:
    • API Token
  • Project
    • Project Token
  • Authentication Provider
  • Events
  • Filters
  • Findings
  • Incident Policies
  • Incidents
  • Integrations
  • Traffic Log
  • Notification History
  • Organization
  • Reporting
  • Search
  • Specifications
  • Specification Version

Special requirements: Search endpoint

The search functionality has specific permission requirements:

Required Permissions:

  • Search Creation: search: create permission
  • Resource Access: list permission for each resource type you want to search

When you have your permissions selected click Submit.

After creating client credentials, you'll receive:

  • Client ID - Your unique identifier.
  • Client Secret - Your authentication secret.

Security warning: Store your client secret and ID securely. It cannot be retrieved again and provides full access according to your configured permissions.

Need help?

Contact FireTail support