Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The information about the user, along with user’s permissions, are encoded in the token itself, so once the UI token is issued, it cannot be revoked (that’s why the tokens are typically short-lived).

In release Starting 3.7.0 we have introduced the API tokens (long-lived) API tokenswill be introduced, that are a better fit for authenticating API calls originating from integration toolssystems. They are a bit slower than UI tokens (as the token is verified in DB with each API call), but they can be revoked easily.