JetBrains Space EAP Help

Personal Token Authorization

Personal token is a permanent token that is created in the user profile and then used by an external application to access Space API on behalf of the user who owns the token.

  • Access managementcreate your own personal tokens in your user profile. Personal tokens only authorize actions that are allowed for the user who the token belongs to. You can further limit the scope of authorized actions when creating a token.

  • Implementation— easily authorize access without implementing a complex OAuth 2.0 authorization flow. Obtain a personal token from the user profile and provide it as the Bearer attribute of the Authorization header in API requests.

  • Securitymanage tokens from your profile. If you suspect that your connection has been compromised, you can revoke the token at any time and generate a new one. However, please note that permanent tokens are inherently less secure than temporary access tokens used in OAuth 2.0 authorization. If security is a concern, we recommend you register your application in Space and use one of the standard OAuth 2.0 authorization flows.

To learn how to obtain a personal token from your profile, see Personal Tokens

Example of an HTTP request with a personal token

This HTTP API call uses a permanent token as the Bearer attribute of the Authorization header.

Request:

GET https://mycompany.jetbrains.space/api/http/team-directory/locations?query=&type=Region&withArchived=true&$fields=id,archived,channelId,name,type,tz Authorization: Bearer eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJhSGZ2eDEyZTU1dCIsImF1ZCI6ImNpcmNsZXQtd2ViLXVpIiwib3JnRG9tYWluIjoibXljb21wYW55Iiwic2NvcGUiOiIqKiIsIm5hbWUiOiJ0cmF2aXMud2lja2V0dCIsImlzcyI6Imh0dHBzOlwvXC9qZXRicmFpbnMuc3BhY2UiLCJwcmluY2lwYWxfdHlwZSI6IlVTRVIiLCJleHAiOjE1OTAxNTk2ODYsImlhdCI6MTU5MDE1OTA4Niwic2lkIjoiMXRjbU1CMkxGZzl1In0.VJaqfkGt2RCArKg9l6oZWpA5_29DrKXLYdEAQpKaP4TuA3kHmqn7xv90NabF6Inot8zfnK1pRUc07zSunxe1lCOK81N7_GeNgw6rHB_3S-XGoOAO-7OSVVH-duffpueUj-sWcBHfCI9iTofuTZgXUZ7IcJ_FP8vyNBhM_kgx-As Accept: application/json

Response:

200 accept-ranges: bytes content-encoding: gzip content-security-policy: frame-ancestors 'none' content-type: application/json date: Fri, 22 May 2020 14:47:06 GMT referrer-policy: no-referrer status: 200 vary: Origin x-frame-options: DENY [ { "id": "2w9S8K2x3Aqy", "name": "The Netherlands", "tz": null, "type": "Region", "channelId": null, "archived": false }, { "id": "1sjSCi2B6qdM", "name": "Russian Federation", "tz": null, "type": "Region", "channelId": null, "archived": false }, { "id": "4Vsy4f3sCNkX", "name": "USA", "tz": null, "type": "Region", "channelId": null, "archived": false }, { "id": "14fTZH1pMwJ5", "name": "Germany", "tz": null, "type": "Region", "channelId": null, "archived": false } ]
Last modified: 25 May 2020