Token Authentication for API Integration
As an administrator, it is imperative that you maintain the highest level of security within your organization while simultaneously allowing the most efficient process integration to be enabled. To allow for this balance, we have provided Token Based Authentication that encrypts your credentials and enhances security across the organization while enabling the use of APIs. .
When generating a token via the SWSD, it can only be viewed by the user that created the Token. You (creator) can also regenerate the token using the same UI.
Factors to consider:
- Only a System Administrator can setup Token-Based Authentication.
We recommend tokens should be associated only to Administrators with full application access. As the Token issued shares the same permissions as the specific user’s role, when user permissions change, after a token is issued, so does the token's permissions.
- If a Token is Reset or Deleted, this will break the API connection that the specific Token is associated to, and the Script/Application Integration associated will need to be corrected.
- You can ONLY create and view Token’s associated to yourself, thus you cannot generate Tokens for others, or reference other User’s Tokens.
- If you disable the User who generated the Token, the Token will also be disabled.
- There is no impact on current Username/Password API Authentication: This feature does not impact users currently utilizing Username/Password authentication, however, for security reason, Token Generation is highly recommended, as Username/Password authentication requires heavier maintenance depending on your password reset policy. We suggest planning a transition process to update your current API connections, moving to the Token format.
- Using Token-Based Authentication enhances security to both your API Scripts and the Process Integrations feature (more details below).
- API Documentation - to access our detailed API guide, please click here.
Setting up Token Authentication
- Navigate to the Users index page and locate your User Detail page (not your User Profile Card)
- You can use the search bar to go directly to your User and click on your name for details.
Click on the Actions button and select Generate JSON Web Token from the dropdown menu
- You can now view your Token along with several options to proceed:
Copy: Copy the Token to your Clipboard
Reset: Resets your Token
Delete: Deletes your Token
Hide Token: Minimizes your Token, and replaces with a Show Token link
Copy the Token
Utilizing the Token
The Token can be utilized for:
We have provided an example that displays how to insert your Token for authentication in API Scripting:
Example for CURL:
-H 'Accept: application/vnd.samanage.v1.1+json' -H 'Content-Type: application/json' -X GET https://api.samanage.com/incidents.json
- Navigate to the Setup and select Process Integration
Add a new, or edit an existing integration, and modify the Authentication Method to SolarWinds Service Desk Web Token