How to get the API token for Jenkins

Question

I am trying to use the Jenkins REST API. In the instructions it says I need to have the API key. I have looked all over the configuration pages to find it. How do I get the API key for Jenkins?

If you want the same programmatically, then you can have a look at [Programmatically retrieve Jenkins REST API Token](https://medium.com/@samratshaw/programmatically-retrieve-jenkins-rest-api-token-f2c3f0d69483) — footyapps27, Sep 19 '18 at 01:04

Brian Walker · Accepted Answer · 2019-01-03T18:23:19.893

181

Since Jenkins 2.129 the API token configuration has changed:

You can now have multiple tokens and name them. They can be revoked individually.

Log in to Jenkins.
Click you name (upper-right corner).
Click Configure (left-side menu).
Use "Add new Token" button to generate a new one then name it.
You must copy the token when you generate it as you cannot view the token afterwards.
Revoke old tokens when no longer needed.

Before Jenkins 2.129: Show the API token as follows:

Log in to Jenkins.
Click your name (upper-right corner).
Click Configure (left-side menu).
Click Show API Token.

The API token is revealed.

You can change the token by clicking the Change API Token button.

edited Jan 03 '19 at 18:23

answered Aug 02 '17 at 16:24

Brian Walker

8,658
2
33
35

3

is there any api to get that ? – Madhu Avinash Aug 07 '18 at 07:16
4

will this token expired? – ndh103 Oct 02 '18 at 06:36
`Show API Token` is no longer valid it seems. – Saikat Dec 10 '18 at 12:12
1

@MadhuAvinash See my answer below – RaGe Mar 26 '19 at 02:31
1

FYI. On Jenkins 2.150.1 the "Add new Token" button doesn't seem to appear until at least one token exists. Please check @RaGe's answer for how to do it without the UI. – m__ Nov 14 '19 at 12:41
Permissions info - somewhat surprisingly, users can create their own API tokens even if they are granted read only access. Overall/Administer permission is required for cross user token creation. – jws Jul 08 '22 at 17:28

RaGe · Answer 2 · 2019-08-23T16:23:45.653

25

The non UI way to do this post Jenkins 2.129 is:

curl 'https://<jenkinsURL>/me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken' \
--data 'newTokenName=foo' \
--user username:Password

which returns:

{
  "status": "ok",
  "data": {
    "tokenName": "foo",
    "tokenUuid": "<uuid>",
    "tokenValue": "<redacted>"
  }
}

Pre Jenkins 2.129

curl http://<username>:<password>@<jenkins-url>/me/configure

edited Aug 23 '19 at 16:23

answered Mar 26 '19 at 02:30

RaGe

22,696
11
72
104

2

You need to include the CSRF crumb (https://wiki.jenkins.io/display/JENKINS/Remote+access+API) in your curl request, else it will fail with 403:Forbidden. – MKesper Sep 09 '19 at 13:59
What if username is name@domain.com, we have enabled single sign on in jenkins server – SibiCoder Jan 31 '20 at 10:23
2

@SibiCoder Try replacing '@' with '%40' – Tim Kist Jan 31 '20 at 15:25
this is not work 2.346.2,it returns in html: HTTP ERROR 403 No valid crumb was included in the request – user2352151 Jul 17 '23 at 08:04

score 10 · Answer 3 · edited Dec 08 '22 at 22:15

Tested in Jenkins 2.225

After making research for several hours I could find the answer:

The API token is used instead of the CSFR token. However, what happens if you want to make authentication from any other client (Postman, CLI, cURL, etc.)?

First you need to get a CSFR token and save the information in a cookie with --cookie-jar

Request

curl -s --cookie-jar /tmp/cookies -u username:password http://localhost:8080/crumbIssuer/api/json

Response

{ "_class": "hudson.security.csrf.DefaultCrumbIssuer", "crumb": "bc92944100d12780cfc251c9255f3f323a475562b4ee0d8b9cc6e4121f50a450", "crumbRequestField": "Jenkins-Crumb" }

Then we can read the cookie with --cookie and generate the new token:

Request

curl -X POST -H 'Jenkins-Crumb:your_crumb_token_generated_above' --cookie /tmp/cookies http://localhost:8080/me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken?newTokenName=\your_token_name -u username:password

Response

{ "status": "ok", "data": { "tokenName": "my android token", "tokenUuid": "c510e26c-b2e8-4021-bf79-81d1e4c112af", "tokenValue": "11a2a0c91913d1391d8e8cb155ca714581" } }

It was necessary for me to add `-H "Content-Length: 0"` to the cURL request, but otherwise this worked for me. — phantom-99w, Mar 26 '21 at 07:50

score 5 · Answer 4 · edited Dec 08 '22 at 22:20

How to a generate Jenkins API token

The following commands need curl and jq. Execute them in the same session.

# Change the following appropriately
JENKINS_URL="http://localhost:8080"
JENKINS_USER=admin
JENKINS_USER_PASS=admin

Get the Crumb

JENKINS_CRUMB=$(curl -u "$JENKINS_USER:$JENKINS_USER_PASS" -s --cookie-jar /tmp/cookies $JENKINS_URL'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')

Get the access token

ACCESS_TOKEN=$(curl -u "$JENKINS_USER:$JENKINS_USER_PASS" -H $JENKINS_CRUMB -s \
                    --cookie /tmp/cookies $JENKINS_URL'/me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken' \
                    --data 'newTokenName=GlobalToken' | jq -r '.data.tokenValue')

Consecutive API calls

Instead of the password, you need to use the token with the username along with the crumb that was generated.

curl -u $JENKINS_USER:$ACCESS_TOKEN \
     -H $JENKINS_CRUMB \ ..........

You don't need a CRUMB anymore, if you authenticate via the api-token, do you? — Kutzi, Sep 21 '22 at 11:26
@Kutzi although docmentation says otherwise, I couldn't get the API calls to work without the CRUMB. If you succeed, let us know. — ycr, Sep 21 '22 at 13:03

How to get the API token for Jenkins

4 Answers4

Request

Response

Request

Response

How to a generate Jenkins API token

Linked