Permanent Token Authorization
In the 2017.1 release, we introduce permanent tokens feature that enables token-based authorization for REST API calls in scripts, plug-ins, and applications that communicate with external services. Use the permanent token as the
Bearer parameter of the
Authorization request header.
General procedures of creating and revoking a token in a user profile are described in the Manage Permanent Tokens page.
Using Permanent Tokens
Permanent tokens give you security and have the following benefits:
- Secure token-based authorization without implementing complex OAuth 2.0 flows.
- Simple management: You can easily create a token in your user profile. If you suspect that your connection has been compromised, you can revoke the token at any moment and generate a new one.
- Granular access to services and operations: A permanent token is created for a user account and lets perform only those operations that this account has permissions for. Thus, you can create various user accounts with different access scopes and permissions and use them for your specific tasks in particular services.
The following sample shows a REST API request to get settings of a user group in Hub which utilizes a permanent token as the authorization
GET /hub/api/rest/usergroups/0946747a-4267-4c16-9455-02ffcd35a200/users?$skip=0&$top=50&fields=id,login,banned,name,profile(email,jabber,avatar),projectRoles(project(id,name),role(id,name)),groups(id,name,iconUrl,parent(id,name,parent(id,name,parent(id,name,parent(id,name,parent(id,name)))))),total&orderBy=login:asc&query= HTTP/1.1 Host: mycompany.com Accept: application/json, text/plain, */* Authorization: Bearer perm:YWRtaW4=.WW91VHJhY2sgQWRtaW4=.6Sj19GntoXSuSWGnSpPzDUXRVejUyu