Description: Creates an access token for the JFrog Platform. Only internal Artifactory users can generate a token using basic credentials via REST API.
Since: 7.21.1
Security: Requires a valid token or user credentials. You cannot create token by using basic credentials if you enabled multi-factor authentication.
You can create tokens at the project level, if you are a project admin. For more information, see Access Token Creation by Project Admins.
You can create tokens through the JFrog Platform UI. For more information, see Access Tokens.
If you use basic credentials, you must enable creation of tokens in the JFrog Platform UI. For more information, see Enable Token Generation via API. You cannot create a token through a REST API if you have enabled multi-factor authentication in the system and the basic-authentication-enforce-mfa flag in the access.config file is set to true.
Usage: POST /access/api/v1/tokens
Content-Type: application/x-www-form-urlencoded or application/json (both are supported)
Produces: application/json
This endpoint takes the following parameters:
Parameter | Description |
|---|---|
| [Optional, default: " The grant type used to authenticate the request. In this case, the only value supported is "client_credentials" which is also the default value if this parameter is not specified. |
| [Optional, default: " The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: Limited to 255 characters. |
| [Optional, default: The scope of access that the token provides. For more information and configuration options, see Create a Scoped Token. |
| [Optional, default: 1 year] The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. |
| [Optional, default: The token is not refreshable by default. |
| [Optional, default: empty] Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters. |
| [Optional, default: A space-separated list of the other instances or services that should accept this token identified by their Service-IDs. Limited to 255 characters. |
| [Optional, default: Generate a Reference Token (alias to Access Token) in addition to the full token (available from Artifactory 7.38.10). NoteA reference token, being shorter, has a maximum payload of 4,000 characters. To avoid reaching the maximum payload, remove some of the groups associated with the token. For more information, see Create an Admin Scoped Reference Token. |
Consider the following points when you use the Create Token API.
The scope is checked and validated - the authenticated principal must have the proper permissions to create a token with the requested scope.
If the scope includes
applied-permissions/userthen the token's username must be a valid existing user that is enabled (and not locked or disabled).Only an admin can set the username for a name that is not the same as the authenticated principal
Only an admin can create the token with a group's scope.
The grant type is expected to be
client_credentialsfor this API call (this is the default value if not provided).From Artifactory 7.50.3, the "force revocable" flag in the tokens has been removed as a default setting and is now a Boolean parameter called
force_revocablein the Create Token REST API. When this parameter is set to true, we will add theforce_revocableflag to the token's extension.In addition, a new configuration has been added that sets the default for setting the
force_revocabledefault when creating a new token (the default of this configuration will be "false" to ensure that the Circle of Trust remains in place.)From Artifactory 7.63.2, users with basic credentials can create tokens through the REST API.
If you use basic credentials, you must enable creation of tokens in the JFrog Platform UI. For more information, see Enable Token Generation via API . You cannot create a token through a REST API if you enabled multi-factor authentication in the system.