Generating and Managing User Tokens

Automic Automation supports the following authentication methods, Basic Authentication and User Tokens. Depending on your User privileges, you can generate and manage tokens from two different AWI areas:

  • Users with access to their User object definition who have the Token access and token creation privilege.

    You generate and manage your tokens in the Tokens section on the User page in the Administration perspective.

  • All Users, regardless of their User object definition

    You generate and manage your tokens in the Tokens tab on the Settings dialog. For more information see Generating and Managing User Tokens.

User tokens have an expiration date. When a token expires, all requests result in an "Access denied" error message. This is why it is recommended that you create various tokens whose expiration dates overlap so that you can authenticate successfully at any time. System administrators can determine whether tokens are deleted automatically after they have expired in the DELETE_EXPIRED_TOKEN system variable.

Important!

For security reasons, only Automic Automation users can create their own tokens. Administrators CANNOT create the tokens for them. This restriction guarantees that knowledge about the tokens is safeguarded and limited to the User that will use them.

A token is always tied to a User object. However, bad practices when storing and/or using them can lead to accidentally exposing them publicly. It is recommended that you enforce a strong security policy to avoid these situations. These recommendations can help you with it:

  • Protect the token by separating your REST client from the location where you store the token,

  • Delete tokens that are no longer needed.

  • Rotate the tokens periodically and define expiration times that are no longer than necessary and that they comply with your company's security policy.

To Access the User Settings Dialog

  1. Open the dropdown menu at the top right corner of the menu bar and select Settings.
  2. On the Settings dialog, open the Tokens tab.

To Add a Token

  1. Click Add Token.

  2. On the Add Token dialog, enter the Token Name that is unique within your User definition. Specify a name that helps you remember the purpose of the key later on.

  3. Specify an Expiration Date. You will not be ale to authenticate using this key once this date has passed.

  4. Click Add.

  5. The Token dialog is displayed. The Automation Engine automatically generates the token (an alphanumeric string) and displays it here.

    Important! This is the only time in which you will be able to see the token. Once you close this dialog, you will not have access to it any more. Copy it now and save it elsewhere in case you need it later on.

  6. Click Copy to Clipboard.

  7. Paste the key in your REST client application or save it for later use.

  8. Go back to AWI and click Close to return to the User page. The name of the token and its expiration date are added to the list, however, the key itself (the string) is not; the string is obfuscated and saved to the database.

To Remove Tokens

Select one or more tokens and click Remove. Once they are removed, your requests can no longer authenticate using them and will result in an "Access denied" error message.

To Export the Tokens

Click the Export Table button. The resulting CSV file contains the data from the Token Name and Expiration Date columns

See also:

User Settings