Personal access tokens (PATs) are needed for authentication on APIs using Personal access token authentication. Personal access tokens are always created for specific users and are owned by these users.
Creation and management of PATs is bound to the system capability <%CAPCS PERSONAL_ACCESS_TOKENS%>, i.e. if that capability is granted all users can create PATs.
Users can only create PATs for themselves. The number of personal access tokens that can be created for a single user is limited to 10. In the response to a PAT creation request the Client Service will include the actual access token. Internally however only the hash of that token is stored, i.e. the access token cannot be retrieved from the Client Service after creation.
PATs can be deleted at any time by the user who owns them and by users with permission EDIT_USERS.
A user can list all his PATs, users with permission VIEW_USERS can also list other users' pats. When listing pats the access token itself is not included (as only the hash is stored).
Attribute |
Notes |
|---|---|
Name |
String. Mandatory. Max Length 250 characters A user chosen name that usually explains the usage of the token. The Client Service enforces uniqueness of this name within all the PATs of one user. |
Creation date |
Date time. Automatically set by Client Service Date and time when the token was created. This date is automatically set by the Client Service on creation of the PAT. |
Expiration date |
Date and time. Mandatory. Expiration date of the PAT set on creation of the PAT. Pats are only valid before this date. The expiration date must be greater than the Expiration date and must be less or equal to the Creation date + 2 Years. |
Access token |
String. Mandatory. The actual access token that can be used for authentication. Since the access token is a secret the Client Service only stores a hash of the access token. |
