Token Based Authentication

For creating API Tokens to authenticate in XDM, the user must have the necessary role. Further information on how to define the role can be found in the Token based authentication configuration section.

Once the prerequisites are met, the user can create API Tokens in XDM and use them for authentication. The user can find and create his own API Token(s) in the user settings under the tab API Tokens.

Here you can find which API Tokens you have created, when they expire, and you can also create new API Tokens. Existing API Tokens can not be edited, but they can be deleted. However, you can edit the description of an API Token, which can be helpful for better distinguishing between different API Tokens.

Users having the global admin role are able to see and delete all API Tokens of all users in the system, while users without the global admin role can only see, edit and delete their own API Tokens. Note that only the description can be edited for existing API Tokens, regardless of the role.

Create an API Token

When creating a new API Token, you can set an expiration date for the API Token. The maximum validity of an API Token is one year, and it cannot be renewed. Once an API Token expires, a new one must be created.

You have to create an API Token object at first, then navigate into it and generate the token itself. The token will be displayed once it is generated, but it will not be displayed again for security reasons. Therefore, make sure to copy the token and store it in a safe place immediately after generation, as you will need it for authentication, and you won’t be able to retrieve it later.

Usage of an API Token

When using a generated API Token for authentication, you can use it in the same way as a password. For example, when using the REST API, you can include the API Token in the Authorization header of your HTTP requests. The same applies when using API Tokens for authentication in the XDM user interface.

Example

When using the REST API, you can use the API Token for authentication as described in the following example. Note that the example is based on the description of the example for executing a task template by name, which can be found in the Public REST API chapter.

We suppose that the user has generated an API Token with the value generated_xdm_token and wants to use it for authentication in the API request. Please make sure to replace generated_xdm_token with the actual value of your generated API Token when testing the request.

The adapted Curl request using an API Token for authentication would look like this:

$ curl 'https://xdm.ubs-hainer.com/api/public/execute' -i -X POST \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    -u 'user':'generated_xdm_token' \
    -d '{
  "taskTemplate" : "Demo task template",
  "waitForCompletion" : true,
  "waitTimeoutSeconds" : 3600
}'

The corresponding HTTP response should be similar to the following. Note that there may be further attributes listed.

HTTP/1.1 200
Server: nginx
Date: Mon, 23 Mar 2026 08:05:35 GMT
Content-Type: application/json
[...]
{
    "startTime" : "2026-03-23T09:04:26.584755",
    "endTime" : "2026-03-23T09:05:30.769713",
    "status" : "COMPLETE",
    "exitCode" : 0,
    "exitDescription" : null,
    "_links" : {
        "self" : {
            "href" : "https://xdm.ubs-hainer.com/api/public/execute/4889",
            "type" : "GET"
        }
    }
}