Token authentication for API integration
As an administrator, it is imperative that you maintain the highest level of security within your organization while simultaneously allowing the most efficient process integration to be enabled. To allow for this balance, SWSD provides Token Based Authentication that encrypts your credentials and enhances security across the organization while enabling the use of APIs.
Tokens can only be viewed by the user (administrator) who created the Token. You (creator) can also regenerate the token using the same UI.
Factors to consider
- Only a System Administrator can setup Token-Based Authentication.
SolarWinds recommends tokens should be associated only to Administrators with full application access. Any issued Token shares the same permissions as the specific user’s role; when user permissions change after a token is issued, the token's permissions also change.
If a Token is Reset or Deleted, the API connection associated with the specific Token is broken, and the associated Script/Process Integration will need to be corrected.
You can ONLY create and view Tokens associated to yourself. You cannot generate Tokens for others, or reference other Users' Tokens.
If the User who generated the Token is disabled, the Token will also be disabled.
There is no impact on current Username/Password API Authentication. This feature does not impact users currently utilizing Username/Password authentication. However, for security reasons, Token Generation is highly recommended, as Username/Password authentication requires heavier maintenance depending on your password reset policy. SolarWinds suggests planning a transition process to update your current API connections, moving to the Token format.
Using Token-Based Authentication enhances security to both your API Scripts and the Process Integrations feature (more details below).
- API Documentation (see the API Documentation site).
Set up token authentication
- Navigate to the Users index page and locate your User Detail page (not your User Profile Card)
- You can use the search bar to go directly to your User and click on your name for details.
Click on the Actions button and select Generate JSON Web Token from the dropdown menu.
- You can now view your Token along with several options to proceed:
Copy: Copy the Token to your Clipboard
Reset: Resets your Token
Delete: Deletes your Token
Hide Token: Minimizes your Token, and replaces with a Show Token link
Copy the Token
Utilizing the Token
The token can be utilized for:
We have provided an example that displays how to insert your Token for authentication in API Scripting:
Example for CURL:
-H 'Accept: application/vnd.samanage.v1.1+json' -H 'Content-Type: application/json' -X GET https://api.samanage.com/incidents.json
For information on where to add the token in the CURL command, see SolarWinds Service Desk API.
- Navigate to the Setup and select Process Integration
Add a new, or edit an existing integration, and modify the Authentication Method to SolarWinds Service Desk Web Token