Description: Creates an access token for the JFrog Platform.
Since: 7.21.1
Security: Requires a valid token or user credentials. You cannot create a token by using basic credentials if you have enabled multi-factor authentication.
If you use basic credentials, you must enable creation of tokens in the JFrog Platform UI. For more information, see Enable Token Generation via API. You cannot create a token through the REST API if you have enabled multi-factor authentication in the system.
Usage: POST /access/api/v1/tokens
Content-Type: application/x-www-form-urlencoded or application/json (both are supported)
Produces: application/json
This endpoint takes the following parameters.
Parameter | Description |
---|---|
| [Optional, default: "client_credentials"] The grant type used to authenticate the request. In this case, the only value supported is "client_credentials" which is also the default value if this parameter is not specified. |
| [Optional, default: "subject" from authentication token] The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: Limited to 255 characters. |
| [Optional] The project for which this token is created. Enter the project name on which you want to apply this token. |
| [Optional, default: applied-permissions/user] The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only create Identity Tokens (user scope). The following scopes are supported.
Note: The scope to assign to the token should be provided as a space-separated list of scope tokens, limited to 500 characters. |
| [Optional, default: 1 year] The time, in seconds, until the token expires. An admin shall be able to set whether expiry is mandatory, what the default expiry is, and what the maximum expiry allowed is. Must be non-negative. |
| [Optional, default: false] The token is not refreshable by default. |
| [Optional, default: empty] Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters. |
| [Optional, default: *@*] A space-separated list of the other instances or services that should accept this token identified by their Service-IDs. Limited to 255 characters. |
| [Optional, default: false] Generate a Reference Token (alias to Access Token) in addition to the full token (available from Artifactory 7.38.10). |
Consider the following points when you use the Create Token API.
- The scope is checked and validated: the authenticated principal must have the proper permissions to create a token with the requested scope.
- If the scope includes `applied-permissions/user`, then the token's username must be a valid existing user that is enabled (and not locked or disabled).
- Only an admin can set the username to a name that is not the same as the authenticated principal.
- Only an admin can create the token with a group's scope.
- The grant type is expected to be `client_credentials` for this API call (this is the default value if not provided).
- From Artifactory 7.50.3, the "force revocable" flag in the tokens has been removed as a default setting and is now a Boolean parameter called `force_revocable` in the Create Token REST API. When this parameter is set to true, the `force_revocable` flag is added to the token's extension.
- In addition, a new configuration has been added that sets the default for `force_revocable` when creating a new token (the default of this configuration is "false" to ensure that the Circle of Trust remains in place).
- From Artifactory 7.63.2, users with basic credentials can create tokens through the REST API.
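The following added example (not JFrog's own code) builds a short-lived, user-scoped request for `POST /access/api/v1/tokens` and rejects values that break the limits stated in the parameter table before anything is sent. The JSON field names other than `force_revocable` (`grant_type`, `scope`, `expires_in`, `description`, `username`, `audience`, `refreshable`) are the JFrog Access API names and do not appear in the table as shown on this page; the host, the bearer token, the 3600-second default and the use of a `Bearer` authorization header are assumptions of the example.

```python
import json
import urllib.request

# Length limits as stated in the parameter table above; the field names are
# an assumption of this example (they are not shown in the table).
MAX_LEN = {"username": 255, "scope": 500, "description": 1024, "audience": 255}

def build_token_request(base_url, bearer, *, scope="applied-permissions/user",
                        expires_in=3600, description="", username=None,
                        audience=None, refreshable=False, force_revocable=False):
    """Validate parameters against the documented limits and return an
    unsent urllib Request for POST /access/api/v1/tokens."""
    if isinstance(scope, (list, tuple)):
        scope = " ".join(scope)        # scope is a space-separated list
    if isinstance(audience, (list, tuple)):
        audience = " ".join(audience)  # audience is space-separated Service-IDs
    if (isinstance(expires_in, bool) or not isinstance(expires_in, int)
            or expires_in < 0):
        raise ValueError("expires_in must be a non-negative number of seconds")
    body = {"grant_type": "client_credentials", "scope": scope,
            "expires_in": expires_in, "refreshable": refreshable}
    if force_revocable:                # parameter exists from Artifactory 7.50.3
        body["force_revocable"] = True
    for name, value in (("username", username), ("description", description),
                        ("audience", audience)):
        if value:                      # omit unset fields so server defaults apply
            body[name] = value
    for name, limit in MAX_LEN.items():
        if len(body.get(name, "")) > limit:
            raise ValueError(f"{name} exceeds {limit} characters")
    return urllib.request.Request(
        base_url.rstrip("/") + "/access/api/v1/tokens",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {bearer}",
                 "Content-Type": "application/json"},
        method="POST")

if __name__ == "__main__":
    # Constructed host and token; nothing is sent over the network.
    req = build_token_request("https://jfrog.example.invalid", "PLACEHOLDER_TOKEN",
                              expires_in=900, description="ci job 1234")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned object to `urllib.request.urlopen` sends the request; the example leaves the expiry explicit so a token never falls back to the one-year default unintentionally.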