
Alibaba Cloud DevOps: Obtain an access token

Last Updated: Apr 16, 2025

You can use an access token to authenticate Alibaba Cloud DevOps API calls and git operations over the HTTP protocol. This topic describes the security guidelines for managing access tokens and how to obtain an access token.

Token authorization

  • When creating a token, you must grant API access permissions to the token and set its validity period. We recommend that you grant only the permissions necessary for the intended use and set the validity period to the shortest interval needed.

  • A token provides the same capabilities to access resources and perform operations on those resources as the user who requested it. These capabilities are limited by the scope of API permissions granted to the token. The token cannot grant the user additional access permissions beyond what the user already has or what has been defined within the permission boundaries of the token.

Secure storage

Treat tokens with the same level of security as passwords or other sensitive credentials:

  • Avoid sharing tokens using unencrypted messages, emails, instant messaging systems, or any other insecure communication channels.

  • Refrain from passing tokens in plain text within command lines.

  • Do not commit unencrypted tokens to public repositories or other insecure environments.

Prudent usage

  • Do not hard-code tokens into your code and push them to public repositories. Instead, store tokens in environment variables and retrieve tokens from these variables when making API calls. This practice helps prevent token exposure that results from unauthorized access to the code and reduces the risk of data breaches.

  • Avoid using permanent tokens. Rotate tokens periodically and revoke them immediately when security risks are detected.

  • In the event of a token compromise, immediately delete the token.
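
The guidance above on keeping tokens off command lines and reading them from environment variables, applied to git over HTTP. This is an added example, not part of the original page. DEVOPS_USER and DEVOPS_TOKEN are assumed variable names, and the remote URL is whatever your repository already uses.

```bash
# Added example: give git an access token from the environment so it never
# appears in argv, in a remote URL, or in .git/config.
# DEVOPS_USER and DEVOPS_TOKEN are assumed names, not defined by the page.

# Write a GIT_ASKPASS helper. The file holds no secret: it reads the
# credentials from its environment each time git prompts.
make_askpass() {
    helper="$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX")" || return 1
    cat >"$helper" <<'EOF'
#!/bin/sh
case "$1" in
    Username*) printf '%s\n' "$DEVOPS_USER" ;;
    Password*) printf '%s\n' "$DEVOPS_TOKEN" ;;
esac
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# Run any git subcommand with the helper. Fails closed when a value is missing.
git_with_token() {
    if [ -z "${DEVOPS_TOKEN:-}" ] || [ -z "${DEVOPS_USER:-}" ]; then
        echo "DEVOPS_USER and DEVOPS_TOKEN must be set" >&2
        return 2
    fi
    askpass="$(make_askpass)" || return 1
    status=0
    # credential.helper= (empty) keeps git from saving the token in a
    # credential store; GIT_TERMINAL_PROMPT=0 disables interactive fallback.
    DEVOPS_USER="$DEVOPS_USER" DEVOPS_TOKEN="$DEVOPS_TOKEN" \
    GIT_ASKPASS="$askpass" GIT_TERMINAL_PROMPT=0 \
        git -c credential.helper= "$@" || status=$?
    rm -f "$askpass"
    return "$status"
}
```

Call it as `git_with_token fetch origin` after loading the two variables from your secret store, so the token is never typed on the command line.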

Procedure

Important

Alibaba Cloud DevOps ensures the security of tokens used for API access and git operations by displaying the token only once upon creation. For subsequent retrieval attempts, the original token cannot be retrieved. Alibaba Cloud DevOps also encrypts and securely stores your tokens.

When requesting and using tokens, adhere to the following security principles to mitigate potential security risks: principle of least privilege, secure storage, and prudent usage.

  1. Log on to the Alibaba Cloud DevOps workbench. For more information, see Account and logon.

  2. On the Workbench page, click the profile picture in the upper-right corner, and then click Personal Settings from the dropdown menu.


  3. In the left-side navigation pane of the Personal Settings page, click Access Token. On the Access Token page, click Create Access Token and configure the following settings.

    • Token Name: The custom token name. The token name can be up to 64 characters in length.

    • Description (optional): The description of the token.

    • Expiration Date: The expiration date of the token. Warning: After a token expires, you cannot use it to call API operations.

    • Select Permissions: The permissions granted to the token. Select permissions following the principle of least privilege.


  4. Click Create.

  5. Save the generated token immediately after creation. It will be displayed only once and cannot be retrieved later.