Manage Permanent Tokens
In YouTrack Standalone, permanent tokens allows developers to access and perform operations securely via REST API calls in their scripts and applications without implementation of more complicated OAuth 2.0 authentication flows. A permanent token allows access to YouTrack instance with the permissions that are assigned to the user account with generated it.
A permanent token does not have an expiration date. If you suspect that the transactions with a YouTrack service using a permanent token have been compromised, you can explicitly revoke this token in your profile.
This page covers operations with permanent tokens that are performed in the user profile. For a sample of REST API calls using the permanent token, refer to the Log in to YouTrack page in the Resources for Developers section.
Obtain a new permanent token
To obtain a new permanent token:
Open your user profile. Switch to your Hub profile.
Open the Authentication tab.
Click the New token... button.
- In the New Permanent Token dialog, specify a name for the new token and the access scope for it. The scope for the token is a list of services which you can access with this new token. For the YouTrack instance with the built-in Hub, a scope basically let you send REST API calls to the following endpoits:
Scope
URLs
Description
YouTrack
/rest/...
/api/...
Send API requests to the end-user part of YouTrack: issues, tags, commands, agile board, dashboard and reports.
YouTrack Administration
/hub/api/...
/hub/rest/...
Send API requests to the administration part of YouTrack: project and access management, server settings, etc.
- Click the Create token button.
A dialog window with the new token is displayed.
- Copy the token and keep it in a secure location.
A new token is associated with your user account and is displayed in the list in the Authentication tab.
Delete a permanent token
To delete a permanent token:
Open your user profile. Switch to your Hub profile.
Open the Authentication tab.
In the list of tokens, select the token that you want to revoke.
- Click the trash button.
A confirmation dialog is displayed.
- Click the Delete button.
Selected permanent token is deleted and removed from the list.