Three horizontal lines stacked
Documentation Home

User Token Management

Earthdata Login provides users the capability to generate and manage User tokens for themselves via the EDL GUI or the API. User tokens are valid for a duration of 90 days. Users can generate these tokens and use them with compatible applications during the application authorization process. A user is allowed a maximum of two valid user tokens at any given time. If you already have two valid user tokens, and wish to generate a new token please delete and existing token and generate a new one.

Generating a User token from EDL GUI

▲ Top

Visit Earthdata Login https://urs.earthdata.nasa.gov if you are looking for Production environment) and Login with your credentials

On successful login you are redirected to your profile page. Locate "Generate Token" link in the sub navigation as indicated in the image below.

On clicking the 'Generate Token' link in the above image, you will be redirected to the User token generation page. You should see 'Generate Token' button at the bottom as shown in the picture below.

Click on the "Generate Token" button in the above page. You will be redirected to the page as shown in the picture below. A user token is generated for you but it is hidden for security purposes..

Click on the 'Show Token' button to view the generated user token. You can toggle between show and hide token by clicking on the button, as shown in the button below.

You can delete an existing token by clicking on the. 'X' button as indicated in the image below.

API

Method URL Template Description
POST /api/users/token Generates a new user token
GET /api/users/tokens Lists existing user tokens
POST /api/users/revoke_token Revokes an existing user token

/api/users/token

▲ Top

Allowed Methods

POST

Description

Creates a new user token. Authorization: Basic header with Base64 encoded user credentials is required for creating a new user token.

Authorization: Basic (user-username:user-password Base64-encoded)

Examples

Notes Request Response
Status Code 200 with user credentials in the header
curl --request POST \
--url 'https://urs.earthdata.nasa.gov/api/users/token' -H "Authorization: Basic Base64encodedcredentials"
Status Code: 200
{"access_token":"eyJ0eXAiOiJKV1QiLCJvcmlnaW4iOiJFYXJ0aGRhdGEgTG9naW4iLCJhbGciOiJSUzI1NiJ9.eyJ0eXBlIjoiVXNlciIsInVpZCI6InRlc3QiLCJleHAiOjE2NjAwNzkwNzUsImlhdCI6MTY1MjMwMzA3NSwiaXNzIjoiRWFydGhkYXRhIExvZ2luIn0.oRxd1keSlU7DfslBosfyQ4tPT7unA8ksfZoUFcPjeunJB1LEKABhVp0hos1kDT2vvK0UZRGW4gONXo2Qnl946ktjOQBsiEiOPCyczh_zkEyh001yFB3ofrjOKahYMJhD7mvDqTUYpe9ct1nVu4wk30zkDe-VBJVUpjEE9k1krxVi2mZlXD9CEl81MqgRXRleasDs9ZVj_aJrE8AuIy-6iurGM_2StkkaBemvlVazQ5Xwli1Ck1HwHDPbKYhVCtZRyFtDrGn4512xHZ9DzQCGthCyzl7QsN9iTksym2lAqnZLrxob9hYMu2GGvXWz9mciHsRJ5HkDN22InXsUZH5C76UfWFImYtAoXBie2z9vImu1AzL5aEhpGbgLkUYwnXgtXLM2vz010J2VQiEeeT0my1IGHmtGxccOO7l66O07bPS2Q0npDxlU73Uw0HV7J7Fhej54TmcYdjAINVl4IhYGpSrF33e_sVGKT1i4DuC1Oc1-YT3BqBScW1tgWxpZfrhX8Wks_XrAD7yh20d29vXbWL-79XcCyugmGURx2SskPno0wA18yVYfXLuIhqdfKPikIkGs5njYlJq_jLZtBXkYc5x75WjwAzBAiw4zBHLyzt20JQ6l9979VLpBgEDgbNwsT8_E6FZlraxo8Ecbf4_FNif__XMkFaYsHosZpLZF20w",
"token_type":"Bearer",
"expiration_date":"08/09/2022"
}
If the user already has maximum allowed(2) user tokens
curl --request POST \
  --url 'https://urs.earthdata.nasa.gov/api/users/token -H 'Authorization: Basic Base64encodedcredentials"
Status Code: 403
{
    "error":"max_token_limit","error_description":"User already has maximum number of tokens."
}
Invalid credentials or Missing header with credentials
curl --request POST \
  --url 'https://urs.earthdata.nasa.gov/api/users/token -H 'Authorization: Basic Base64encodedcredentials"
Status Code: 401
{
  "error":"invalid_credentials",

"error_description":"Invalid user credentials"
}

/api/users/revoke_token

▲ Top

Allowed Methods

POST

Description

Revokes or deletes a user token. Authorization: Basic header with Base64 encoded user credentials is required.

Authorization: Basic (user-username:user-password Base64-encoded)

Parameters

Parameter Description
token (required) User Token to revoke

Examples

Notes Request Response
Status Code 200 with token

curl --request POST \
  --url 'http://localhost:3000/api/users/revoke_token?token=eyJ0eXAiOiJKV1QiLCJvcmlnaW4iOiJFYXJ0aGRhdGEgTG9naW4iLCJhbGciOiJSUzI1NiJ9.eyJ0eXBlIjoiVXNlciIsInVpZCI6InRlc3QiLCJleHAiOjE2NTk5OTExMDMsImlhdCI6MTY1MjIxNTEwMywiaXNzIjoiRWFydGhkYXRhIExvZ2luIn0.gZ0_04LAgGubgLip5qAIuKvHk0_h_TI5rxyIr2uwct8EVtR09XgezEfcJm745yqoRTYY4eODbNRpZSfOeM3gZOlz726jdDjmIZ5nUS08kFtxTjQ-Elnl0grA1UeQ4WLFgYkoBJlpRTYJZ-RvxgjPHjqj-UsBNPyOz_eCfW88gzoN0Vpxe886hKVyAHc54gcvFy4-_UYakXb9DUSCloZjKUb1s2J17Di3Qp8YwuwGauBsz78LtMKz0Ez5aQ5-aEF6_N4bEx03Jziv1CodEoyifeBdzt5u-8wyzBrMCNtBx8fah-ayljS-DG0FzrplFgsd7N-raIT5EZs7k_VSyF4DC6NLPPOpPZOAke_m9VLGHUKcWNqWVS-v9l4wBPlwanVZu2iCBJBaU4tQUH-Y729_wMKKAIiKH4RB4i3Ayz0ZFydiFbQc61Qz9Dhh_cB37saaaurKoYFaiBOVDIg2MJWhE5cn8r4I30MTQSui444Afs9_DdUCzlhmdJygHcU74gDKxmus9FvaGd_8oz8BV0Lcb9w_n7SBePxsB_WUZHEeIc2gdd_E6NHyNk9xoUYPTRdQgwubT4bXxBwFELkPWvbAm3TYxoa5DX9m6XTXAY5yU8822_7VXbJ7-gl-pwELoM0nFUq3LWv8ws4yh5XcI0Fnq0oagclT1Qt7vwyUkXDWOt8' -H 'Authorization: Basic username:userpassword'

Status Code: 200

/api/users/tokens

▲ Top

Allowed Methods

GET

Description

Returns a list of all the tokens associated to a user. User credentials must be provided in the 'Authorization: Basic' header. No other parameters required.

Examples

Notes Request Response
Status Code 200 with correct user credentials and one token associated with the user.

curl --request GET \
  --url http://localhost:3000/api/users/tokens \
  --header 'Authorization: Basic username:userpassword'

Status Code: 200

[
  {
    "access_token":"eyJ0eXAiOiJKV1QiLCJvcmlnaW4iOiJFYXJ0aGRhdGEgTG9naW4iLCJhbGciOiJSUzI1NiJ9.eyJ0eXBlIjoiVXNlciIsInVpZCI6InRlc3QiLCJleHAiOjE2NTk5OTExMDMsImlhdCI6MTY1MjIxNTEwMywiaXNzIjoiRWFydGhkYXRhIExvZ2luIn0.gZ0_04LAgGubgLip5qAIuKvHk0_h_TI5rxyIr2uwct8EVtR09XgezEfcJm745yqoRTYY4eODbNRpZSfOeM3gZOlz726jdDjmIZ5nUS08kFtxTjQ-Elnl0grA1UeQ4WLFgYkoBJlpRTYJZ-RvxgjPHjqj-UsBNPyOz_eCfW88gzoN0Vpxe886hKVyAHc54gcvFy4-_UYakXb9DUSCloZjKUb1s2J17Di3Qp8YwuwGauBsz78LtMKz0Ez5aQ5-aEF6_N4bEx03Jziv1CodEoyifeBdzt5u-8wyzBrMCNtBx8fah-ayljS-DG0FzrplFgsd7N-raIT5EZs7k_VSyF4DC6NLPPOpPZOAke_m9VLGHUKcWNqWVS-v9l4wBPlwanVZu2iCBJBaU4tQUH-Y729_wMKKAIiKH4RB4i3Ayz0ZFydiFbQc61Qz9Dhh_cB37saaaurKoYFaiBOVDIg2MJWhE5cn8r4I30MTQSui444Afs9_DdUCzlhmdJygHcU74gDKxmus9FvaGd_8oz8BV0Lcb9w_n7SBePxsB_WUZHEeIc2gdd_E6NHyNk9xoUYPTRdQgwubT4bXxBwFELkPWvbAm3TYxoa5DX9m6XTXAY5yU8822_7VXbJ7-gl-pwELoM0nFUq3LWv8ws4yh5XcI0Fnq0oagclT1Qt7vwyUkXDWOt8",

    "expiration_date":"08/08/2022"
  }
]

Status Code 401 with incorrect user credentials

curl --request GET \
  --url http://localhost:3000/api/users/tokens \
  --header 'Authorization: Basic username:userpassword'

Status Code: 401

{
  "error": "invalid_credentials",
  "error_description": "Invalid user credentials"
}

Status Code 200 with correct user credentials and 0 tokens associated with the user.

curl --request GET \
  --url http://localhost:3000/api/users/tokens \
  --header 'Authorization: Basic username:userpassword'


[ ]

Examples

n/a