How to manage my personal tokens ?

Documentation > User Guide > How to manage my personal tokens ?
  • Available with
  • Free
  • Tailored
  • Team

Managing your personal tokens

To access this page follow my account menu:

This page contains 3 sections:

  • on the left : your current user (login/organization/profiles)

  • on the right: your current contact (email, name,…)

  • below: your personal tokens to authenticate as your current user under specific scopes

in token section you can

  • add a new token via '+' button on the right

  • edit each existing token with pen button

  • refresh each existing token to use another password during authentication (previous one is replaced)

  • delete any existing token with dustbin button

Personal Token fields

  • application: name of the token

  • scopes: context in which iTop authentication will work

  • expiration date: if set, date after which token will expire and will not work anymore

  • count: number of successful authentications with current token

  • use date: date of the last successful authentication

Authentication failures through tokens

You can authenticate with your token (credential) by passing it:

  • in the header: 'Auth-Token: YOURTOKEN'

  • in a POST parameter: auth_token=YOURTOKEN

This authentication can fail for below reasons:

  • token (credential) passed is not correct

it can happens either by mistake or if someone refreshed the token object. in 2nd case you should have copied/pasted newest value as previous one as previous one has been replaced.

  • token object (PersonalToken/ApplicationToken) has been deleted in iTop

  • token (PersonalToken) has an expiration date and it is indeed expired

  • token (PersonalToken) does not have the proper scope to handle the ongoing operation.

Example: for a REST API call, token does not have REST scope. authentication will fail. same for collector calls with SYNCHRO scope (in coming 2.1 only).

  • your user does not have the required profiles anymore.

it could happen with someone that left the company. you may have kept his user but reduce his rights in iTop.

Token aim at authenticating in iTop. but you cannot bypass your own iTop authorizations.

Example: Even if you can log in via a token to call REST APIs, iTop may block your ongoing operation because you are not privileged enough to apply it. For example if your try to modify an object in iTop CMDB your are not allowed to edit…


Using REST API via personal token

  1. Create your personal token with REST scope

  2. call Rest API and provided token value either in header either in a post parameter.

curl --location -g --request POST 'https://localhost/itop/Develop/webservices/rest.php?version=1.3&json_data={
"operation": "core/get",
"class": "Person",
"key": "SELECT Person WHERE email LIKE '\'''\''",
"output_fields": "friendlyname, email"
}' \
--header 'Auth-Token: YOURTOKEN'


curl --location -g --request POST 'https://localhost/itop/Develop/webservices/rest.php?version=1.3&auth_token=YOURTOKEN&json_data={
"operation": "core/get",
"class": "Person",
"key": "SELECT Person WHERE email LIKE '\'''\''",
"output_fields": "friendlyname, email"


You still have unanswered questions ? Ask us.

Give, get, ask…

Join our community of users to share your knowledge and good practices.