Vulnerability Service API Token Provisioning
Request and use API tokens for authenticating against FOSSA's vulnerability service endpoints.
1 min readUpdated Jul 9, 2026
Overview
Vulnerability service endpoints (such as the snapshot download) use a dedicated token, separate from your main FOSSA API token.
Requesting a token
Email support@fossa.com with the subject line "Vulnerability Snapshot API Keys". FOSSA support will provision and return a key ID and key secret.
Using the token
Include the token in the Authorization header on every request to a vulnerability service endpoint:
Authorization: token <keyId>:<keySecret>Documentation for each endpoint that requires this token will repeat the header format inline.