Skip to main content


API authorization token

You can create tokens for API token authorization, which is required while interacting with Unravel APIs. These API tokens get deleted after you restart Unravel. Therefore to maintain the token permanently, you must set properties to store persistent API Tokens.

Create a token for API token authorization

API tokens can be created from Unravel UI. Do the following:

  1. On the Unravel UI, click manage-icon.png from the upper right corner and then select API Tokens.

  2. Click New API Token.

  3. In the New API Token dialog box, specify a client ID, select the admin role, and click Create. A new API token is created and listed in the API token list. Click copy.png to copy the token and click 46-trash.png to delete the token.



    If you have not configured to store persistent API tokens, the tokens get deleted every time you restart the server.

Storing persistent API authorization tokens

The token used for API token authorization gets deleted every time there is a server restart. This can be avoided, and the API token can be maintained permanently. Do the following:

  1. Create a JSON file in a location accessible only to the Unravel user. For example, you create a token.json file in the /user/unravel directory.


    Create this JSON file in a location accessible only to the Unravel user.

  2. Stop Unravel.

    <Unravel installation directory>/unravel/manager stop
  3. Set the following Unravel property and in this property, provide the path to the JSON file you created in Step 1.

    <Unravel installation directory>/unravel/manager config properties set </path/to/JSON file>
  4. Apply the changes.

    <Unravel installation directory>/unravel/manager config apply
  5. Start Unravel.

    <Unravel installation directory>/unravel/manager start
  6. From the Unravel UI, create the API token. The newly created API tokens are now permanently stored in the specified JSON file, and these tokens are not deleted after the server is restarted.

Also, refer, Rotating the JSON web token (JWT) secret