About User Tokens

This topic refers to functionality that is not available to accounts on the Quick Base Essential plan. If the functionality described here does not match what you're seeing in Quick Base, your account is probably on this plan.

You can create your own user tokens in Quick Base and use them to run APIs and automation with your permissions. Many API calls that use a ticket can instead take a parameter called usertoken. The user token parameter can be used with any API that doesn't post to a db/main URL, and also with API_GrantedDBs.

Tip: We recommend you create a system or service user for your user tokens.

Benefits of user tokens

User tokens offer many benefits, including:

Example

Here's an example of an API call using a ticket:
<qdbapi>

<udata>mydata</udata>
<ticket>auth_ticket</ticket>
<apptoken>app_token</apptoken>
<field fid=”8”>party at Lindisfarne</field>
<field fid="9">dress in style of the epoch</field>
<field fid="10">lindisfarne island</field>
</qdbapi>

Here's the equivalent action replacing the ticket with a user token (note that the apptoken is not necessary):

<qdbapi>
<udata>mydata</udata>
<usertoken>user_token</usertoken>
<field fid=”8”>party at Lindisfarne</field>
<field fid="9">dress in style of the epoch</field>
<field fid="10">lindisfarne island</field>
</qdbapi>

When to Use a user token vs. an app token

User tokens are a form of authentication, whereas app tokens provide permission to access an app in addition to authentication information (either as a ticket or username/password). App tokens ensure that an API call was sent by someone permitted to make API calls against an app, while the ticket ensures it is executed by someone with permissions in the app.

Since user tokens explicitly grant API access to a specific user, they combine both purposes in the same token. If you use a user token, you don't need to use an app token.

Note: It is not secure to use user tokens in APIs that are called from a browser (for example, on an app dashboard), because someone could extract the token from the JavaScript source and use it to impersonate the user whose token it is.

Create and assign a user token

You can create a user token and assign it to an app at the same time. The token will be available for assignment to other app too.

To create a new user token:
  1. On the user dropdown on the global bar, choose My preferences.

  2. Under My User Information, click the link for Manage my user tokens for realm ...

  3. Click the New user token button.

  4. Click OK.

  5. In the Basics section, enter a Name and a Description for your token.

    Create a new user token

  6. In the Assign token to apps section, click the dropdown arrows to select which apps you want to assign this token to. You can assign a token to as many as 20 apps.

    assign tokens

  7. Click Save.

  8. The new token appears in the list of user tokens. API calls containing this token can now interact with the application. The new token is also available for assignment to other applications.

    token list

    Related Topics:

 

Go back      |       |   

© 1999-2018  QuickBase, Inc.  All rights reserved.  Legal Notices.