API Token based authentication
An API token is a string that is provided when making API calls and is sent as part of the HTTP request header. API tokens make authentication possible without the need for user credentials.
Create an API Token
Each API token is associated with a user account. Users with "Administer Security" privileges can create a token for their own user account or for a service account. The API token will use the role privileges and permissions associated with its user account when performing operations.
For security reasons, once a token is generated, it cannot be updated or viewed, so you'll need to record it in a secure location for future use. API tokens do not expire and can be revoked as needed. Once revoked, the token cannot be used anymore and any existing API calls using the token will fail.
To create an API token:
- Log in to the web application and navigate to the web administration page.
- Navigate to Security > Users, then double-click on the user or service account for which you want to create an API token.
- Click the API Tokens tab.
- Click on the + button.
- Enter the Name of the token and click Create. The system displays the new API Token. Take note of the token and keep it in a safe place to use later.
- Close the slide-out and return to the API token grid. The Last Accessed time of the token is updated any time an API call is made with the token.
- An API token can be revoked by hovering over the row and clicking on the Revoke action button.
Note: The maximum number of API tokens you can create is 25.
Using an API Token
The API token must be sent as one of the request headers, with the key name “apitoken” and the token string as the value.
The following is an example using Postman:
Note: A 401 Unauthorized or invalid token response is returned for invalid API tokens.
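The header and the 401 behavior described above can also be exercised from a script. The following is an added example, not code from the product documentation: the function names, the /api/example path, and the loopback stub server are assumptions made for illustration, and the token is a constructed sample value.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
HEADER = "apitoken"  # header key name given on this page

class TokenRejected(Exception):
    """Server answered 401: the token is invalid or has been revoked."""

def call_api(url, token, opener=None, allow_plain_http=False, timeout=5):
    """GET url with the token in the apitoken header; return (status, body)."""
    # Check here: http.client's own header error would echo the token value.
    if not token or "\r" in token or "\n" in token:
        raise ValueError("token is empty or contains line breaks")
    if not (url.startswith("https://") or allow_plain_http):
        raise ValueError("refusing to send an API token over plain HTTP")
    req = urllib.request.Request(url, headers={HEADER: token})
    opener = opener or urllib.request.build_opener()
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:  # invalid or revoked: stop, do not retry or log the token
            raise TokenRejected("401 Unauthorized: invalid or revoked token") from None
        raise

def demo():
    """Exercise call_api against a constructed loopback stand-in server."""
    valid = "constructed-sample-token"  # sample value, not a real token
    class Stub(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.headers.get(HEADER) == valid
            self.send_response(200 if ok else 401)
            self.end_headers()
            self.wfile.write(b"ok" if ok else b"invalid token")
        def log_message(self, *args): pass  # keep the demo quiet
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/api/example" % server.server_port
    direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        good = call_api(url, valid, direct, allow_plain_http=True)
        try:
            bad = call_api(url, "wrong-or-revoked", direct, allow_plain_http=True)
        except TokenRejected as exc:
            bad = str(exc)
        return good, bad
    finally:
        server.shutdown()
        server.server_close()
```

In real use, read the token from a secret store or an environment variable rather than placing it in the script, and leave allow_plain_http at its default so the token only travels over HTTPS.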