User Tokens


What is a user token?

In general

A user token is a form of credentials for the user it belongs to, which are usually completely different and separate from their original credentials.

In IQ Server

A user token is composed of a userCode and a passCode.

Both internal and LDAP users can create user tokens.

When one of these users successfully submits their user token credentials, then they will be authenticated and authorized as if they had submitted their original credentials.

Why use a user token?

There are two main benefits to using a user token.

Firstly, the user does not have to expose their original credentials (e.g. in REST API requests), which may be in-use elsewhere.

Secondly, user tokens can be easily created and deleted, which is useful should security policies require credential updates, or if credentials are lost accidentally or otherwise.

Internal or LDAP Users

You can create and delete your user token via the user token REST API.

Your user token credentials are only available upon creation and care should be taken to be able to recall them later.

Should you forget or lose your user token credentials you should delete your user token and create a new one.

Once created, you can use your user token userCode and passCode in place of your username and password to login to IQ Server via the UI and to issue REST API requests i.e. using the cURL tool for

curl -u [username]:[password] ...

you could instead issue

curl -u [userCode]:[passCode] ...


curl -u admin:admin123 http://localhost:8070/api/v2/organizations
curl -u TfPLVkV2:Hb5WZsYrvswl1wwRgxaaDVthlOVw7zSdaf1wWOrnlEU3 http://localhost:8070/api/v2/organizations

A user can only have one user token.

Users authenticated by SAML or a reverse proxy cannot create user tokens.

System Administrators

You can purge obsolete user tokens for LDAP users that no longer exist via the user token REST API.