This section provides some workflow information for how to use API access tokens as part of your API projects in . An access token is a hashed string that enables authentication when submitted to any endpoint. Access tokens limit exposure of clear-text authentication values and provide an easy method of managing authentication outside of the browser.
v4and later of the APIs. They can be used for authentication with any supported version of the APIs.
This feature must be enabled in your instance of the platform. For more information, see Enable API Access Tokens.
API access tokens must be created.
NOTE: The first time that you request a new API token, you must submit a separate form of authentication to the endpoint. To generate new access tokens after you have created one, you can use a valid access token if you have one.
For more information, see API AccessTokens Create v4.
Tokens can be generated from the web application.
-1to create a non-expiring token.
NOTE: Copy the value of the token to the clipboard and store it in a secure location for use with your scripts.
Tip: If you wish to manage your token via the APIs, you should copy the Token ID value, too. The Token ID can always be retrieved from the .
For more information, see Access Tokens Page.
After a token has been acquired, it must be included in each request to the server, for as long as it is valid.
NOTE: After a token has been created, it cannot be extended or modified.
NOTE: API access tokens are not used by users in the .
NOTE: When using the APIs in SSO environments, API access tokens work seamlessly with platform-native versions of SAML and LDAP-AD. They do not work with the reverse proxy SSO methods. For more information, see API Authentication.
After you have acquired the token, you submit it with each API request to the platform.
Example - cURL:
curl http://tri.example.com:3005/v4/jobs -X GET -H "Authorization: Bearer (tokenValue)"
(tokenValue)is the value returned for the token when it was created.
Example - REST client:
If you are submitting your API calls through a REST client, the Authorization header must be specified as follows:
Authorization: Bearer (tokenValue)
NOTE: For security reasons, you cannot acquire the actual token through any of these means.
Tip: You can see all of your current and expired tokens through the . See Access Tokens Page.
|List all access tokens for your user account.|
|API AccessTokens Get v4||List your access token for the specified token ID.|
New tokens can be acquired at any time.
NOTE: It is the responsibility of the user to acquire a new API token before the current one expires. If a token is permitted to expire, a request for a new token must include userId and password information.
tokenIdvalue for the token and use the delete endpoint. See API AccessTokens Delete v4.