Personal access tokens
Personal access tokens were introduced in Bamboo 6.10 and allow you to replace username and password in REST calls.
Personal access tokens are a secure way to use scripts and integrate external applications with Bamboo. If an external system is compromised, you simply revoke the token instead of changing password, and consequently changing it in all scripts and integrations.
You can't authenticate with personal access tokens in Bamboo UI.
Using personal access tokens
To use a personal access token for authentication, you have to pass it as a bearer token in the Authorization header of a REST API call.
Here's an example of rest using a bearer token:
curl -H "Authorization: Bearer NDc4NDkyNDg3ODE3OstHYSeYC1UgXqRacSqvUbookcZk" http://localhost:8085/bamboo/rest/api/latest/plan/PROJ-PLAN
Managing personal access tokens
To view and manage your personal access token in Bamboo:
- Admins cannot create tokens for users.
- Admins can revoke tokens from Administration > Security > Users > {user_name} > Personal access tokens page.
Creating a token
- In the upper-right corner, click on you profile image and select Profile.
Click on the Personal access tokens tab.
Here you can view your existing tokens or create a new one.- Click the Create token button.
- Give your token a name.
Assign your token permissions.
Record you token in a safe manner. For security reason the token value is shown only once. If you don’t record the token value or lose it you won’t be able to recover it and will have to create a new token.
- Click Finish.
Revoking a token
- In the upper-right corner, click on you profile image and select Profile.
Click on the Personal access tokens tab.
Hover over your token name.
The revoke button appears on the right.Click Revoke.
- Click Confirm.