Permanent Token Authorization
Permanent tokens support token-based authorization in REST API calls in scripts, plug-ins, and applications that communicate with external services. Simply create a new token with a specific access scope, and use it for authentication from wherever you want. Use the permanent token as the
Bearer parameter of the
Authorization request header.
You can create permanent tokens for your own account on the Authentication tab of your Hub account. For instructions, see Manage Permanent Tokens.
Using Permanent Tokens
Permanent tokens give you security and have the following benefits:
Secure token-based authorization without implementing complex OAuth 2.0 flows.
Simple management: You can easily create a token in your user profile. If you suspect that your connection has been compromised, you can revoke the token at any moment and generate a new one.
Granular access to services and operations: A permanent token is created for a user account and lets perform only those operations that this account has permissions for. Thus, you can create various user accounts with different access scopes and permissions and use them for your specific tasks in particular services.
The following sample shows a REST API request to get settings of a user group in Hub which utilizes a permanent token as the authorization
GET /hub/api/rest/usergroups/0946747a-4267-4c16-9455-02ffcd35a200/users?$skip=0&$top=50&fields=id,login,banned,name,profile(email,jabber,avatar),projectRoles(project(id,name),role(id,name)),groups(id,name,iconUrl,parent(id,name,parent(id,name,parent(id,name,parent(id,name,parent(id,name)))))),total&orderBy=login:asc&query= HTTP/1.1 Host: mycompany.com Accept: application/json, text/plain, */* Authorization: Bearer perm:YWRtaW4=.WW91VHJhY2sgQWRtaW4=.6Sj19GntoXSuSWGnSpPzDUXRVejUyu