API token is a unique identifier used to authenticate a user to access the API. It is created on the portal and must be attached to each API request to authorize access to protected resources.
The API token can be generated by a user with the permission Can create an API authorization token.
It is possible to generate an API token on the Security and notifications page:
By clicking on the "Add token" button, a modal window for creating a token appears, where you must first specify its validity period and apply it:
The token is created, you need to copy it from the modal window:
Or immediately after it is closed, but always before the page is refreshed:
After the page refreshes, the token cannot be copied:
3 days before the expiration date of the token, the system will send a letter informing you that you need to update this token or create a new one:
Migration of the authorization mechanism for API
Previously, it was necessary to log in to the portal each time before making any API request to receive an API token. With the release of version 2.43, we have implemented the ability to create API tokens that can be used to execute all requests instead of login and password authorization. To migrate your code to the new method, you need to:
1) Create an API token (see instructions above)
2) Remove the logic in your code that was responsible for authentication via the POST method https://your-domain.com/api/rest.php/auth/session
3) Update all API requests in the code - replace header
Authorization: Bearer XXXXX with
X-Cbr-Authorization: Bearer YYYYY. Where XXXXX is the JWT token previously received after authentication, YYYYY is the new API token.