User Token Management
Earthdata Login provides users the capability to generate and manage User tokens for themselves via the EDL GUI or using the User Tokens API. User tokens are valid for a duration of 60 days. Users can generate these tokens and use them with compatible applications during the application authorization process. A user is allowed a maximum of two valid user tokens at any given time. If you already have two valid user tokens and wish to generate a new token, please delete one of the existing tokens and generate a new one.
Generating a User token from EDL GUI
Visit Earthdata Login https://urs.earthdata.nasa.gov and Login with your user credentials.
On successful login you are redirected to your profile page. Locate "Generate Token" link in the sub navigation as indicated in the image below.
On clicking the 'Generate Token' link in the above image, you will be redirected to the User token generation page. You should see 'Generate Token' button at the bottom as shown in the picture below.
Click on the "Generate Token" button in the above page. You will be redirected to the page as shown in the picture below. A user token is generated for you but it is hidden for security purposes..
Click on the 'Show Token' button to view the generated user token. You can toggle between show and hide token by clicking on the button, as shown in the button below.
You can delete an existing token by clicking on the. 'X' button as indicated in the image below.
API
Method | URL Template | Description |
---|---|---|
POST | /api/users/token | Generates a new user token |
GET | /api/users/tokens | Lists existing user tokens |
POST | /api/users/revoke_token | Revokes an existing user token |
POST | /api/users/find_or_create_token | Retrieves user token or creates one if one does not exist |
/api/users/token
Allowed Methods
POST
Description
Creates a new user token. Authorization: Basic
header with Base64 encoded user credentials is required for creating a new user token.
Authorization: Basic (user-username:user-password Base64-encoded)
Examples
Notes | Request | Response |
---|---|---|
Status Code 200 with user credentials in the header |
|
Status Code: 200
|
If the user already has maximum allowed(2) user tokens |
|
Status Code: 403
|
Invalid credentials or Missing header with credentials |
|
Status Code: 401
|
/api/users/revoke_token
Allowed Methods
POST
Description
Revokes or deletes a user token. Authorization: Basic header with Base64 encoded user credentials is required.
Authorization: Basic (user-username:user-password Base64-encoded)
Parameters
Parameter | Description |
---|---|
token (required) |
User Token to revoke |
Examples
Notes | Request | Response |
---|---|---|
Status Code 200 with token |
|
Status Code: 200 |
/api/users/tokens
Allowed Methods
GET
Description
Returns a list of all the tokens associated to a user. User credentials must be provided in the 'Authorization: Basic' header. No other parameters required.
Examples
Notes | Request | Response |
---|---|---|
Status Code 200 with correct user credentials and one token associated with the user. |
|
Status Code: 200
|
Status Code 401 with incorrect user credentials |
|
Status Code: 401
|
Status Code 200 with correct user credentials and 0 tokens associated with the user. |
|
|
Examples
n/a
/api/users/find_or_create_token
Allowed Methods
POST
Retrieves user tokens or creates one if one does not exist.
Authorization: Basic (user-username:user-password Base64-encoded)
Basic header with Base64 encoded user credentials is required for retrieving or creating a new user token.
Response
Notes | Request | Response |
---|---|---|
In the case of a successful (200) response, a json formatted text message will also be returned. |
|
Status Code: 200
|
(Unauthorized) status is returned if the user credentials are invalid or missing. |
Status Code: 401
|