Access Tokens
From GoCD server version 19.2.0 onwards, you will be able to create personal access tokens to access GoCD API(s). This will allow users to make an API call without specifying their credentials (username & password) as a part of API request headers.
Usage instructions
A token can be used to access GoCD APIs and
cctray.xml
by passing it in API header.Before 19.2.0
curl 'https://ci.example.com/go/api/pipelines/pipeline1/status' \
-u 'username:password'
Going forward
curl 'https://ci.example.com/go/api/pipelines/pipeline1/status' \
-H 'Authorization: Bearer 6A7B48094CC552B9A2DF0AFADAF50D28F0646070'
A token can not be used to create or access any access token related API(s).
Login using access token is not allowed through web UI.
Once a token is revoked, the user will not be able to activate it again.
All tokens belonging to a user will be revoked automatically as soon as the user is deleted from GoCD.
- Note: These tokens will not be visible again even if the same user is added back to GoCD.
Create a token
Login into your GoCD server.
Go to user menu → Personal Access Tokens.
Click on
Generate Token
button.Add a description for the token. This is to identify what is this token for?
Click on
Generate
button.On success, you will see the newly generated token.
Make sure you copy the token before you close the dialog. It will not be shown again.
Revoke a personal token
Login into your GoCD server.
Go to user menu → Personal Access Tokens.
Find the token which you wish to revoke in
ACTIVE TOKENS
tab.Click on the
Revoke
button.Optionally, add a reason for revoking the token.
Click on
Revoke Token
button.On success, the token just revoked will be shown in
REVOKED TOKENS
tab.
Manage access tokens (admin only)
Login into your GoCD server.
Go to Admin menu → Security → Access Tokens Management.
The admin will be able to see all the tokens created by all the users
Active tokens
Revoked tokens
The admin can use the search box on the top-right to search tokens on the basis of
Created By
andDescription
.
Revoke token
Login into your GoCD server.
Go to Admin menu → Security → Access Tokens Management.
Find the token which you wish to revoke in
ACTIVE TOKENS
tab.Click on the
Revoke
button.Optionally, add a reason for revoking the token.
Click on
Revoke Token
button.On success, the token just revoked will be shown in
REVOKED TOKENS
tab.