YouTrack Standalone 2017.4 Help

Log in to YouTrack

Permanent tokens enable token-based authorization for REST API calls in scripts and applications. This feature increases security for YouTrack integrations with external services.

We recommend that you use authorization based on permanent tokens as the main approach for the authorization in your REST API calls.

OAuth 2.0 Authorization is recommended only for developing web applications that use YouTrack REST API and require client-side authentication.

Using Permanent Tokens

Permanent tokens give you security and have the following benefits:

  • Secure token-based authorization without implementing complex OAuth 2.0 flow to obtain and refresh a token.

  • Simple management: You can easily create a token in your user profile. If you suspect that your connection has been compromised, you can revoke the token at any moment and generate a new one.

  • Granular access for scripts: A permanent token is created for a user account and lets perform only those operations that this account has permissions for. Thus, you can create various user accounts with different access scopes and permissions and use them for your specific tasks in particular services.

General procedures of creating and revoking a token in a user profile are described in the Manage Permanent Tokens page.


The following sample shows a REST API call which utilizes a permanent token as the authorization Bearer attribute.


HTTP GET Authorization: Bearer perm:cm9vdA==.dG9rZW4=.rNZ38ije7uiWwnUTRDdyFDdUkoPUPi Accept: application/json


HTTP 200 OK Cache-Control → no-cache, no-store, no-transform, must-revalidate Content-Encoding → gzip Content-Length → 91 Content-Type → application/json;charset=UTF-8 Date → Tue, 24 Jan 2017 14:50:56 GMT Server → YouTrack Vary → Accept-Encoding, User-Agent X-Content-Type-Options → nosniff X-Frame-Options → SAMEORIGIN X-XSS-Protection → 1; mode=block [ { "id": "First Project", "url": "" }, { "id": "Second Project", "url": "" } ]
Last modified: 7 March 2019