RhodeCode Enterprise has 4 different kinds of authentication tokens. API token, Feed tokens work without a need to enable any additional authentication. VCS tokens require dedicated authentication plugin to be activated. Web Interface tokens are controlled by the white_list configuration.
API tokens: API tokens can only be used to execute RhodeCode Enterprise API operations. You can store your API token and assign it to each instance in the
/home/user/.rhodercfile. See the example in Full-text Search section for more details.
Feed tokens: The feed token can only be used to access the RSS feed. Usually those are safe to store inside your RSS feed reader.
Web Interface tokens: These token allows users to access the web interface of RhodeCode Enterprise without logging in.
You can add these tokens to an RhodeCode Enterprise server url, to expose the page content based on the given token.
This is useful to integrate 3rd party systems, good example is to expose raw diffs to another code-review system without having to worry about authentication.
These tokens only work if a certain view is whitelisted under api_access_controllers_whitelist inside the
# To download a repo without logging into Web UI https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token> # To show commit diff without logging into Web UI https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token>
- VCS tokens: You can use these to authenticate with Git, Mercurial and Subversion operations instead of a password. They are designed to be used with CI Servers or other third party tools that require repository access. They are also a good replacement for SSH based access. To use these tokens you need be enabled special authentication method on RhodeCode Enterprise, as they are disabled by default. See Enabling VCS Tokens.
Enabling VCS Tokens¶
To enable VCS Tokens, use the following steps:
- Go to .
- Activate the
- Click Save.
Authentication Token Tips¶
- Use Authentication Tokens instead of your password with external services.
- Create multiple Authentication Tokens on your account to enable access to your repositories with a different Authentication Token per method used.
- Set an expiry limit on certain tokens if you think it would be a good idea.
To create authentication tokens for an user, use the following steps:
- From the RhodeCode Enterprise interface go to .
- Label and Add the tokens you wish to use with RhodeCode Enterprise.