Hub 2019.1 Help

Permanent Token Authorization

Permanent tokens support token-based authorization in REST API calls in scripts, plug-ins, and applications that communicate with external services. Simply create a new token with a specific access scope, and use it for authentication from wherever you want. Use the permanent token as the Bearer parameter of the Authorization request header.

You can create permanent tokens for your own account on the Authentication tab of your Hub account. For instructions, see Manage Permanent Tokens.

Using Permanent Tokens

Permanent tokens give you security and have the following benefits:

  • Secure token-based authorization without implementing complex OAuth 2.0 flows.

  • Simple management: You can easily create a token in your user profile. If you suspect that your connection has been compromised, you can revoke the token at any moment and generate a new one.

  • Granular access to services and operations: A permanent token is created for a user account and lets perform only those operations that this account has permissions for. Thus, you can create various user accounts with different access scopes and permissions and use them for your specific tasks in particular services.

Sample

The following sample shows a REST API request to get settings of a user group in Hub which utilizes a permanent token as the authorization Bearer attribute.

GET /hub/api/rest/usergroups/0946747a-4267-4c16-9455-02ffcd35a200/users?$skip=0&$top=50&fields=id,login,banned,name,profile(email,jabber,avatar),projectRoles(project(id,name),role(id,name)),groups(id,name,iconUrl,parent(id,name,parent(id,name,parent(id,name,parent(id,name,parent(id,name)))))),total&orderBy=login:asc&query= HTTP/1.1 Host: mycompany.com Accept: application/json, text/plain, */* Authorization: Bearer perm:YWRtaW4=.WW91VHJhY2sgQWRtaW4=.6Sj19GntoXSuSWGnSpPzDUXRVejUyu
Last modified: 17 February 2020