YouTrack Server 2024.1 Help

Manage Permanent Tokens

In YouTrack Server, permanent tokens let developers access and perform operations securely using the REST API calls in their scripts and applications without having to implement OAuth 2.0 authentication flows. A permanent token allows access to a service with the permissions that are granted to the user account.

This page covers operations with permanent tokens that are performed in the user profile. For a sample of REST API calls using the permanent token, refer to the Permanent Token Authorization.

Create a Permanent Token

To access a service programmatically with the permissions that are granted to your user account, create your own permanent token.

In addition to the permissions that are listed here, you need permission to read the service that you want to access with the token. Access to connected services is managed in Hub. If you work with YouTrack Cloud or a YouTrack Server installation that uses the built-in Hub service, all users have access to YouTrack services.

If your YouTrack Server installation uses an external Hub service, permission to read the connected service is granted in two ways:

  • The Access setting for the service grants group members access to the application from the Services menu. If you are a member of a group that is granted access in this way, you can create a permanent token to access the service. Basically, if you can see the name and icon for the service in the Services menu, you can generate a token to access the service.

  • You are granted the Low-level Admin Read permission.

If you are logged in and you don't see the option to create a token, ask an administrator to grant the Low-level Admin Read permission to your account or to add you to a group for whom the service is visible.

To generate a new permanent token:

  1. Click your avatar in the application header and select Profile from the menu.

  2. Switch to the Account Security tab.

  3. Click the New token button.

  4. In the New Permanent Token dialog, specify a name for the new token and the access scope for it. The scope for the token is a list of services which you can access with this new token.

    New permanent token dialog

    YouTrack installations that use a built-in Hub service have separate scopes for YouTrack and YouTrack Administration.

    • The YouTrack scope grants permission to work with issues, tags, commands, agile boards, dashboards, reports, and other basic operations in YouTrack.

    • The YouTrack Administration scope grants permission to work with projects, manage user access, and update server settings.

    These scopes also give you the ability to send REST API calls to the following endpoints:







    Send API requests to the end-user part of YouTrack: issues, tags, commands, agile board, dashboard and reports.

    YouTrack Administration



    Send API requests to the administration part of YouTrack: project and access management, server settings, etc.

  5. Click the Create token button.

    • A dialog window with the new token is displayed.

    Permanent token created
  6. Use either of these two actions to copy the token:

    • Click the Copy token button.

    • Select the token with your pointer and use the standard keyboard shortcut for your operating system to copy the current selection to the clipboard.

  7. After you copy the token, close the dialog.

    • The new token is associated with your user account and is displayed in the Permanent Tokens list.

    Permanent token list

Delete a Permanent Token

A permanent token does not have an expiration date. If you suspect that an authenticated service has been compromised, you can explicitly delete this token in your profile.

To delete a permanent token:

  1. Click your avatar in the application header and select Profile from the menu.

  2. Switch to the Account Security tab.

  3. In the list of tokens, select the token that you want to revoke.

  4. Click the Delete button.

    • A confirmation dialog is displayed.

  5. Click the Delete button to confirm the action.

    Delete token confirm
    • The selected permanent token is deleted and removed from the list.

Last modified: 20 April 2024