
How to authenticate?

Authentication, API Access Token


To access the XRAY API, you have to register and activate your account.

As soon as the account is active, a Basic subscription is assigned.

Be sure to change the subscription to one with API access.

Important

Our Business Team will customize the subscription to meet your preferences and needs.

Subscriptions are related to specific configurations which contain different available checks.

Authentication

To ensure secure and authorized access to XRAY's API, developers need an Authenticated Token.

Obtaining an XRAY Token involves an authentication and authorization process. After authenticating the user account, XRAY provides a unique token.

The token serves as a digital credential, validating identity and allowing you to make API calls.

How can I get XRAY API Access Token?

  1. Log into XRAY.
  2. Navigate to Settings > Tokens.
  3. Click on "+" in the lower right corner to create a new token.
  4. Enter all necessary data (fields marked "*").
  5. The token expiration date is one year by default.
  6. Set the expiration date under Expiration Date before saving the token.

Check all boxes at the bottom of the window according to your needs.

Click the Save button to save changes.

  7. The token will be visible only when it is generated, so you have to copy and save it immediately.

Keep the API Access Token protected, as it is valid until its expiration date. In case the token is compromised, disable it and generate a new one.

A token allows authentication and is used for building third-party implementations based on the API. If needed, create more than one API Access Token.

Additionally, consider creating a different token for different access uses.

API Access Token vs Authenticated Token

The API Access Token is a long-lived JWT token used to log in and get an Authenticated Token.

The Authenticated Token is a short-lived JWT token.

To access the XRAY API, use the Authenticated Token as the Bearer token in the Authorization header.

What to do with API Access Token?

The previously generated API Access Token will NOT permit you to call all XRAY's API endpoints. Instead, use it to generate an Authenticated Token, which lasts for 30 minutes and enables you to use the API. Consider this step as logging in with an API Access Token.

To get an Authenticated Token, call the getToken mutation with the API Access Token in the Authorization header (as a Bearer token).

mutation getToken { getToken }

{ "Authorization": "Bearer YOUR_API_ACCESS_TOKEN" }

Security

Due to security-related events, access tokens may be invalidated before the expected expiration time.

XRAY API Authorization Sequence Diagram

The diagram shows a common use case of generating an Authenticated Token and using it to access the API - in this case, to create a session.
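
The exchange described above, as an added Python example (not XRAY's own code): it sends the getToken mutation with the API Access Token, reuses the Authenticated Token for its 30-minute life, and drops it when the API invalidates it early. The endpoint URL is a placeholder; the JSON request body, the response shape {"data": {"getToken": ...}}, the class and helper names, and the one-minute refresh margin are assumptions.

```python
import json
import time
import urllib.request

XRAY_GRAPHQL_URL = "https://xray.example.invalid/graphql"  # placeholder: the page gives no endpoint URL
AUTH_TOKEN_LIFETIME_S = 30 * 60  # from the page: the Authenticated Token lasts 30 minutes
REFRESH_MARGIN_S = 60            # assumption: renew one minute before expiry


def http_post(url, headers, payload):
    """POST a GraphQL payload as JSON and return the decoded JSON response."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class XrayTokenSource:
    """Exchanges the long-lived API Access Token for a short-lived Authenticated Token."""

    def __init__(self, api_access_token, post=http_post, clock=time.monotonic):
        self._api_access_token = api_access_token  # load from a secret store, never hard-code
        self._post, self._clock = post, clock
        self._token, self._fetched_at = None, 0.0

    def invalidate(self):
        """Drop the cached token, e.g. after the API rejects it before the 30 minutes are up."""
        self._token = None

    def authenticated_token(self):
        """Return a cached Authenticated Token, calling getToken only when one is needed."""
        age = self._clock() - self._fetched_at
        if self._token is None or age >= AUTH_TOKEN_LIFETIME_S - REFRESH_MARGIN_S:
            body = self._post(XRAY_GRAPHQL_URL,
                              {"Authorization": f"Bearer {self._api_access_token}"},
                              {"query": "mutation getToken { getToken }"})
            # Assumed response shape (standard GraphQL): {"data": {"getToken": "<JWT>"}}
            token = (body.get("data") or {}).get("getToken")
            if not token:
                raise RuntimeError("getToken failed")  # keep tokens and raw bodies out of logs
            self._token, self._fetched_at = token, self._clock()
        return self._token

    def headers(self):
        """Authorization header to send with every other XRAY API call."""
        return {"Authorization": f"Bearer {self.authenticated_token()}"}
```

Call invalidate() when a request made with headers() is rejected as unauthorized, then retry once; the next call logs in again with the API Access Token.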