Vulnerability Service API Token Provisioning

Request and use API tokens for authenticating against FOSSA's vulnerability service endpoints.

1 min readUpdated Jul 9, 2026

Overview

Vulnerability service endpoints (such as the snapshot download) use a dedicated token, separate from your main FOSSA API token.

Requesting a token

Email support@fossa.com with the subject line "Vulnerability Snapshot API Keys". FOSSA support will provision and return a key ID and key secret.

Using the token

Include the token in the Authorization header on every request to a vulnerability service endpoint:

Authorization: token <keyId>:<keySecret>

Documentation for each endpoint that requires this token will repeat the header format inline.

© 2026 FOSSA, Inc.support@fossa.com