ACCESS – Access token created using the Create Token REST API cannot be used for events REST API, how to overcome this?

Muhammed Kashif
2023-01-22 11:07

Note: This article is valid until the Artifactory version 7.12.x

Access tokens created using the Create Token REST API from and above the Artiafctory v7.9 cannot be used for Event-based REST API calls.
So to overcome the issue,

1. Use the Access token for Event-based REST API calls, you can create the Admin Access token from the UI.

2. Sometimes, it becomes a use-case to generate the Access token using the REST API for Event-based REST API calls for automation for users who belong to admin groups, and the only possible way to use the access token to be used for Event-based REST API is to generate the Access token from Create Token REST API, then generate the access admin token and then generate the events token. Below are the steps

  • Create the token using the Create token REST API as below,
curl -uadmin:password -XPOST "http://myart/artifactory/api/security/token" -d "username=testuser" -d "scope=member-of-groups:admingroup"
  • Get the Artifactory service_id using the Get Service_Id REST API,
curl -uadmin:password -XGET "http://myart/artifactory/api/system/service_id"
output: jfrt@1ewj90zeyqwerytu5ez0fxx
  • Create an Access admin token using the below REST API passing the highlighted part from step 2's output. This step will generate the access token that can be used for events REST API.
curl -H "Authorization: Bearer <token>" -XPOST "http:/myart/artifactory/api/security/access/admin/token" -H "Content-Type: application/json" -d '{ "service_id" : "jfac@1ewj90zeyqwerytu5ez0fxx" }'
  • Create the Access token using the below curl command which will give access to the Event-based REST API,
curl -H "Authorization: Bearer <token from step 3>" -XPOST http://myart/access/api/v1/oauth/token -d 'username=testuser' -d 'scope=applied-permissions/admin' -d 'audience=jfevt@*' -d 'refreshable=true' -d 'grant_type=client_credentials'
  • Used the below events REST API using the token from step 4 and it will work as expected,
curl -H "Authorization: Bearer <token from step 4>" -XGET "http://myart/event/api/v1/subscriptions"