Permanent Token Authorization
Permanent tokens give you secure access to YouTrack from your client applications and scripts. Compared to OAuth 2.0, authorization with a permanent token has the following advantages:
Secure token-based authorization — authorize access without implementing a complex OAuth 2.0 authorization flow to obtain access tokens.
Simple management — create your own permanent tokens in your user profile. If you suspect that your connection has been compromised, you can delete the token at any time and generate a new one.
Granular access — leverage the permission scheme to restrict the scope for different users. Permanent tokens only authorize actions that are allowed for the user who the token belongs to. You can create dedicated accounts for API users and grant a specific set of permissions to each.
To learn how to create or delete a permanent token in your user profile, see Manage Permanent Tokens.
Sample Request
The following sample shows a REST API call that a permanent token as the authorization Bearer attribute.
Request:
HTTP GET https://youtrack.domain.com/rest/admin/project
Authorization: Bearer perm:cm9vdA==.dG9rZW4=.rNZ38ije7uiWwnUTRDdyFDdUkoPUPi
Accept: application/jsonResponse:
HTTP 200 OK
Cache-Control → no-cache, no-store, no-transform, must-revalidate
Content-Encoding → gzip
Content-Length → 91
Content-Type → application/json;charset=UTF-8
Date → Tue, 24 Jan 2017 14:50:56 GMT
Server → YouTrack
Vary → Accept-Encoding, User-Agent
X-Content-Type-Options → nosniff
X-Frame-Options → SAMEORIGIN
X-XSS-Protection → 1; mode=block
[
{
"id": "First Project",
"url": "https://youtrack.domain.com/rest/admin/project/FP"
},
{
"id": "Second Project",
"url": "https://youtrack.domain.com/rest/admin/project/SP"
}
]