Reference Tokens have the following advantages:
Reference Tokens are not retrievable - Reference Tokens are stored hashed, so they cannot be retrieved from the UI, REST API, or database, making them less likely to be compromised.
Reference Tokens can have a default expiry - the Artifactory administrator can set a default expiry time for Reference Tokens and decide whether a token will be refreshable or not.
A user can have multiple Reference Tokens - unlike API Keys, a user can create numerous Reference Tokens.
Reference Token information can be viewed and the token can be revoked via the JFrog Platform UI - by both the user and the administrators.
Reference Tokens can be used in multiple ways - Reference Tokens can be used similarly to API Keys, with the "X-JFrog-Art-Api" header, but also as Basic credentials with
curl -u User1:<reference token>
or as bearer tokens with
curl -H "Authorization: Bearer <token>"
Reference Tokens are short (64 characters) - unlike Identity Tokens, Reference Tokens can be used with clients that do not support long tokens or passwords.