> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leen.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Orca Security

> Instructions to create a service user and authenticate with Orca Serving Layer API

## Supported Data Models

* [Vulnerability Findings](/integrations/vulnerability-findings-v2)
  * type: `code`
  * type: `host`
  * type: `container`

* Resources
  * type: `branch`
  * type: `container`
  * type: `host`
  * type: `image`

## Required Parameters

These parameters are mandatory for the connector to authenticate and function properly.

| Variable         | Description                                                   |
| ---------------- | ------------------------------------------------------------- |
| `ORCA_API_TOKEN` | Your Orca API token (created as described in the steps below) |
| `ORCA_REGION`    | Region for the Orca Security Account                          |

## Onboarding Orca

Follow the steps below to onboard your environment to our Orca integration.

<Steps>
  <Step title="Access Orca API Token Creation Screen">
    1. Go to **Settings** > **Users & Permissions** > **API**. The list of all API tokens created in Orca appears.
    2. Click **Add API Token**.
    3. On the **General Configuration** screen, copy the **Organization UUID** and save it.

           <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/orca/api-token-screen.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=339a65f1299caaf9c2ebbb221310c55f" alt="Create API Token" width="1498" height="699" data-path="images/orca/api-token-screen.png" />
  </Step>

  <Step title="Define the API token settings">
    1. Fill in the **Name**. Enter a unique name for the API token.
    2. **Description**: Describe the API token.
    3. **Never Expire**: Mark this checkbox to create a token that is valid forever.
    4. **Service Token**: Mark this checkbox to indicate that the created token is a service token.

    <Info>
      Service tokens are not linked to a specific user. The token is scoped according to the user who created it but can still be used if the user is removed from the organization.
    </Info>

    5. **Role**: Select the **Viewer** role from the dropdown. This is the minimum role required to read and retrieve data for the integration.

           <Info>
             The Viewer role provides read-only access to all Orca resources including alerts, assets, and vulnerabilities. The integration does not require Editor or Administrator roles.
           </Info>

    6. **Scope**: Configure which cloud accounts or business units the API token can access:

       * **All Cloud Accounts**: Leave the scope unchecked to allow the integration to access data from all cloud accounts and business units in your Orca environment.
       * **Specific Resources**: Check "Scope access to specific resources" to limit the token to designated accounts or business units only.

       The integration fetches the following data types from scoped resources:

       * **Alerts**: Security alerts including vulnerability findings of type `code`, `host`, and `container`
       * **Assets**: Resource information including branches, containers, hosts, and images
       * **Application Security findings**: Code security vulnerabilities from AppSec scans

           <Warning>
             If you scope the token to specific resources, ensure you include all cloud accounts, Kubernetes clusters, and AppSec projects that you want to monitor. The integration will only fetch data from resources included in the token's scope.
           </Warning>

    7. Click **OK** to create the API token.
  </Step>

  <Step title="Save the API token">
    1. Click **Add**. The Integration API Token window appears.
    2. Copy the token, and then click **Continue**.
    3. Save the API token for future use.

    <Warning>
      You can't access the token again after closing the window.
    </Warning>

    4. The new API token appears in the list of tokens.
  </Step>
</Steps>