YouTrack Standalone 2018.2 Help

Permanent Token Authorization

Permanent tokens give you secure access to YouTrack from your client applications and scripts. Compared to OAuth 2.0, authorization with a permanent token has the following advantages:

  • Secure token-based authorization — authorize access without implementing a complex OAuth 2.0 authorization flow to obtain access tokens.

  • Simple management — create your own permanent tokens in your user profile. If you suspect that your connection has been compromised, you can delete the token at any time and generate a new one.

  • Granular access — leverage the permission scheme to restrict the scope for different users. Permanent tokens only authorize actions that are allowed for the user who the token belongs to. You can create dedicated accounts for API users and grant a specific set of permissions to each.

To learn how to create or delete a permanent token in your user profile, see Manage Permanent Tokens.

Sample Request

The following sample shows a REST API call that a permanent token as the authorization Bearer attribute.


HTTP GET Authorization: Bearer perm:cm9vdA==.dG9rZW4=.rNZ38ije7uiWwnUTRDdyFDdUkoPUPi Accept: application/json


HTTP 200 OK Cache-Control → no-cache, no-store, no-transform, must-revalidate Content-Encoding → gzip Content-Length → 91 Content-Type → application/json;charset=UTF-8 Date → Tue, 24 Jan 2017 14:50:56 GMT Server → YouTrack Vary → Accept-Encoding, User-Agent X-Content-Type-Options → nosniff X-Frame-Options → SAMEORIGIN X-XSS-Protection → 1; mode=block [ { "id": "First Project", "url": "" }, { "id": "Second Project", "url": "" } ]
Last modified: 7 March 2019