YouTrack InCloud 2017.3 Help

Log in to YouTrack

In YouTrack 2017.1. we introduce permanent tokens feature that enables token-based authorization for REST API calls in scripts and applications. It increases security for YouTrack integrations with external services.

Starting with this release, we recommend that you use authorization based on permanent tokens as the main approach for the authorization in your REST API calls.

OAuth 2.0 Authorization is recommended only for developing web applications that use YouTrack REST API and require client-side authentication.

Using Permanent Tokens

Permanent tokens give you security and have the following benefits:

  • Secure token-based authorization without implementing complex OAuth 2.0 flow to obtain and refresh a token.
  • Simple management: You can easily create a token in your user profile. If you suspect that your connection has been compromised, you can revoke the token at any moment and generate a new one.
  • Granular access for scripts: A permanent token is created for a user account and lets perform only those operations that this account has permissions for. Thus, you can create various user accounts with different access scopes and permissions and use them for your specific tasks in particular services.

General procedures of creating and revoking a token in a user profile are described in the Manage Permanent Tokens page.

Sample

The following sample shows a REST API call which utilizes a permanent token as the authorization Bearer attribute.

Request:

HTTP GET https://youtrack.domain.com/rest/admin/project Authorization: Bearer perm:cm9vdA==.dG9rZW4=.rNZ38ije7uiWwnUTRDdyFDdUkoPUPi Accept: application/json

Response:

HTTP 200 OK Cache-Control → no-cache, no-store, no-transform, must-revalidate Content-Encoding → gzip Content-Length → 91 Content-Type → application/json;charset=UTF-8 Date → Tue, 24 Jan 2017 14:50:56 GMT Server → YouTrack Vary → Accept-Encoding, User-Agent X-Content-Type-Options → nosniff X-Frame-Options → SAMEORIGIN X-XSS-Protection → 1; mode=block [ { "id": "First Project", "url": "https://youtrack.domain.com/rest/admin/project/FP" }, { "id": "Second Project", "url": "https://youtrack.domain.com/rest/admin/project/SP" } ]
Last modified: 18 August 2017