Try JFrog
API Reference
Contact SupportTry JFrog

Create Token

post
https://{jfrog_url}/access/api/v1/tokens

Creates an access token for the JFrog Platform, or refreshes an existing access token. Only internal Artifactory users can generate a token using basic credentials via REST API.

Create Token Notes:

  • You can create tokens at the project level if you are a Project Admin.
  • You cannot create a token using basic credentials if you enabled multi-factor authentication.
  • If you use basic credentials, you must enable creation of tokens in the JFrog Platform UI.

Refresh Token: To refresh an existing access token, set grant_type to refresh_token and provide the refresh_token parameter. The authenticated user must match the user of the access token being refreshed (identified by the refresh token).

Security: Requires a valid token or user credentials. Basic authentication is supported when enabled in the platform configuration.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params
string
enum
Defaults to client_credentials

The grant type. Use "client_credentials" to create a new token or "refresh_token" to refresh an existing token.

Allowed:
string

The refresh token value of the access token to be refreshed. Required when grant_type is "refresh_token".

string
length ≤ 255

The username for which to create the token

string
length ≤ 500
Defaults to applied-permissions/user

The scope of access. See documentation for supported scopes.

integer
≥ 0

Token expiry in seconds. 0 for non-expirable (admin only).

boolean
Defaults to false

Whether the token is refreshable

string
length ≤ 1024

Token description

string
length ≤ 255
Defaults to *@*

Space-separated list of service IDs that should accept this token

boolean
Defaults to false

Generate a reference token in addition to the full token. Since 7.38.10.

boolean
Defaults to false

Add force_revocable flag to token. Since 7.50.3.

Responses

400

Invalid input, e.g., expires_in value is not a number, non-positive number, etc.

401

Unauthenticated

403

The requested token details are forbidden, e.g., expires_in provided but is higher than the limit defined by the admin, the user does not have the permissions on the scope requested, etc.

Updated 14 days ago

Language
Credentials
Bearer
URL
LoadingLoading…
Response
Choose an example:
application/json

Updated 14 days ago