API tokens are the primary authentication mechanism for the Gatling Enterprise Edition public REST API and its official integrations—CI plugins, Maven/Gradle/sbt build plugins, and the JavaScript CLI. Each token carries a set of permissions that determine which operations the bearer can perform, making it straightforward to grant the minimum necessary access to each integration or automation script.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/gatling/gatling.io-doc/llms.txt
Use this file to discover all available pages before exploring further.
Accessing the API tokens page
Navigate to API Tokens in the Gatling Enterprise navigation bar. Any user with the Leader role or higher can access their own tokens; Administrators can manage tokens for the entire organization.Creating an API token
Name the token
Enter a descriptive name that makes the token’s purpose clear (for example,
GitHub Actions CI or Maven build pipeline). This name appears in the tokens table and helps you identify which token to rotate when credentials are compromised.Set permissions
Choose the permission level for this token. Permissions can be set globally (applying to all teams in the organization) or scoped to a specific team.
| Permission | What it allows |
|---|---|
| None | No access. Useful to explicitly restrict global access while granting team-specific permissions via a separate entry. |
| Read | Read all data: simulations, runs, reports, trends. |
| Start | Start test runs + Read permissions. Use this for CI plugins that only need to trigger runs. |
| Configure | Create/upload packages, create tests + Start permissions. Use this for build plugins that deploy packages and configure simulations. |
| Administrate | Full management of all organization resources: users, teams, tokens, packages, tests. |
Using the token
All Gatling Enterprise API requests require the token in theAuthorization HTTP header:
curl:
Managing existing tokens
The tokens table shows all tokens, their names, permission levels, and scope (global or team-specific). Available actions:| Action | How |
|---|---|
| Edit permissions | Click the pencil icon (✏️) on the right side of the token row |
| Regenerate token | Click the undo/rotate icon (↺) to issue a new token value and invalidate the old one |
Token scoping best practices
Principle of least privilege
Grant only the permissions a token actually needs. A CI pipeline that only triggers runs does not need Configure or Administrate access.
Separate tokens per integration
Create one token per integration (one for CI, one for Maven, etc.). This way you can rotate or revoke individual tokens without disrupting unrelated workflows.
Use team-scoped tokens
Scope tokens to the specific team whose resources the integration accesses, rather than granting global permissions.
Store tokens as secrets
Never commit tokens to source control. Store them in a secrets manager (AWS Secrets Manager, HashiCorp Vault, GitHub Actions Secrets, etc.).