In YouTrack Standalone, permanent tokens allows developers to access and perform operations securely via REST API calls in their scripts and applications without implementation of more complicated OAuth 2.0 authentication flows. A permanent token allows access to YouTrack instance with the permissions that are assigned to the user account with generated it.
A permanent token does not have an expiration date. If you suspect that the transactions with a YouTrack service using a permanent token have been compromised, you can explicitly revoke this token in your profile.
This page covers operations with permanent tokens that are performed in the user profile. For a sample of REST API calls using the permanent token, refer to the Log in to YouTrack page in the Resources for Developers section.
Obtain a new permanent token
To obtain a new permanent token:
Open your user profile. Switch to your Hub profile.
Open the Authentication tab.
Click the New token... button.
In the New Permanent Token dialog, specify a name for the new token and the access scope for it. The scope for the token is a list of services which you can access with this new token. For the YouTrack instance with the built-in Hub, a scope basically let you send REST API calls to the following endpoits:
Scope
URLs
Description
YouTrack
/rest/... /api/...
Send API requests to the end-user part of YouTrack: issues, tags, commands, agile board, dashboard and reports.
YouTrack Administration
/hub/api/... /hub/rest/...
Send API requests to the administration part of YouTrack: project and access management, server settings, etc.
Click the Create token button.
A dialog window with the new token is displayed.
Copy the token and keep it in a secure location.
A new token is associated with your user account and is displayed in the list in the Authentication tab.
Delete a permanent token
To delete a permanent token:
Open your user profile. Switch to your Hub profile.
Open the Authentication tab.
In the list of tokens, select the token that you want to revoke.
Click the trash button.
A confirmation dialog is displayed.
Click the Delete button.
Selected permanent token is deleted and removed from the list.