When accessing resources in Artifactory via the REST API, it is often necessary to provide an access token. These tokens authenticate requests and authorize access to resources, ensuring secure interactions with Artifactory. Path-based scoped access tokens can be created to grant access to specific paths within a repository. For example, if a repository contains several paths, a path-based scoped access token allows access to only the specified paths, providing more granular control over permissions. This article guides you through the process of generating a path-based scoped access token.
To generate a path-based scoped token, execute the request below:
curl -H "Authorization: Bearer <ADMIN-TOKEN>" -X POST "https://<JFROG-URL>/access/api/v1/tokens" \
  -d "scope=artifact:<REPOSITORY>/<PATH>/**:r"
The following actions can be set for path-based tokens:
- r: Read — Allows reading artifacts or metadata.
- w: Write — Allows deploying or uploading artifacts.
- d: Delete — Allows deleting artifacts.
- a: Annotate — Allows adding or modifying properties on artifacts.
- m: Manage — Allows repository management tasks.
- x: Execute — Allows executing actions.
- s: Synchronize — Allows synchronizing operations.
For example, the repository “example-repo-local” contains a folder “test1” with two subfolders, “com” and “comm”.
To generate a path-based scoped Access token for the path “test1/com”, the following command should be executed:
curl -H "Authorization: Bearer <ADMIN-TOKEN>" -X POST "https://<JFROG-URL>/access/api/v1/tokens" \
  -d "scope=artifact:example-repo-local/test1/com/**:r"
Note that the “r” at the end of the command specifies that the token will allow only “read” operations on the specified path. The generated token can now be used to retrieve the “test6.zip” file in the directory “example-repo-local/test1/com”. However, attempting to use this token for the “comm” directory will not work, because the token was generated for the directory “example-repo-local/test1/com/”.
It is also possible to create a token that allows access to multiple repositories or paths in one command:
curl -H "Authorization: Bearer <ADMIN-TOKEN>" -X POST "https://<JFROG-URL>/access/api/v1/tokens" \
  -d "scope=artifact:<REPO1_NAME>/<PATH>/**:r,w artifact:<REPO2_NAME>/<PATH>/**:r,w"
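The following script is an added example, not part of the original article or JFrog's own code: it builds and validates a scope string in the format shown above and, when JFROG_URL and ADMIN_TOKEN are set, requests a read-only token for “test1/com” and checks that it reaches “com” but not “comm”. The function names, the two environment variables, the use of jq, the `access_token` response field and the `/artifactory/<repo>/<path>` download URL are assumptions not taken from the article.

```shell
#!/bin/sh
# Added example, not JFrog code. build_scope, http_status, JFROG_URL and
# ADMIN_TOKEN are names chosen for this sketch.

# build_scope REPO PATH ACTIONS
# Prints "artifact:REPO/PATH/**:ACTIONS" or fails. ACTIONS is a comma-separated
# list of the letters from the article (r w d a m x s). The body runs in a
# subshell, so the IFS and "set -f" changes do not leak into the caller.
build_scope() (
  set -f
  repo=$1 path=$2 actions=$3
  path=${path#/}; path=${path%/}
  if [ -z "$repo" ] || [ -z "$path" ]; then
    echo "build_scope: repository and path are both required" >&2; exit 1
  fi
  # Policy of this sketch: no spaces, colons or wildcards from the caller,
  # so the only wildcard in the scope is the trailing /** added here.
  case "$repo$path" in
    *' '*|*:*|*'*'*) echo "build_scope: illegal character in repo/path" >&2; exit 1 ;;
  esac
  case "$actions" in
    ''|*,) echo "build_scope: empty action" >&2; exit 1 ;;
  esac
  IFS=,
  for a in $actions; do
    case "$a" in
      r|w|d|a|m|x|s) ;;
      *) echo "build_scope: unknown action '$a'" >&2; exit 1 ;;
    esac
  done
  printf 'artifact:%s/%s/**:%s\n' "$repo" "$path" "$actions"
)

# http_status TOKEN URL: prints the HTTP status of a GET made with TOKEN.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' -H "Authorization: Bearer $1" "$2"
}

# Live check, skipped unless both variables are set. Assumed, not from the
# article: jq, the access_token field and the /artifactory/ download URL.
if [ -n "${JFROG_URL:-}" ] && [ -n "${ADMIN_TOKEN:-}" ]; then
  scope=$(build_scope example-repo-local test1/com r) || exit 1
  token=$(curl -s -H "Authorization: Bearer $ADMIN_TOKEN" -X POST \
    "https://$JFROG_URL/access/api/v1/tokens" -d "scope=$scope" | jq -r '.access_token')
  base="https://$JFROG_URL/artifactory/example-repo-local/test1"
  echo "com:  $(http_status "$token" "$base/com/test6.zip") (expect 200)"
  echo "comm: $(http_status "$token" "$base/comm/") (expect a non-200 status)"
fi
```

For a multi-scope token, call build_scope once per repository path and join the results with a single space, as in the last command of the article.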