This article refers to token setup in XRay version 1.5. For information about tokens in XRay version 1.6, see Tokens (XRay 1.6).
Tokens are used when making connections. For example, to stream data, access the user interface from a mobile device, or use the REST API, a token is required. Tokens act as keys to the system and should be shared only with team members based on required activities.
Please see the sections below on the differences between repository and personal tokens.
What is a repository token?
A repository token is generated by administrators to grant access to a repository. The administrator defines and configures the tokens to determine which actions will be permitted: stream, query, modify and/or delete. They share these tokens with all team members as required.
Administrators generate repository tokens and specify the rights on the Manage Repository Tokens tab of Organization Manager (Main Menu > Admin Settings > Organization > Repositories). For each repository token generated, the administrator grants rights by setting either Active or Inactive for the Stream, Query, Modify (includes both add and update), Delete and Admin fields. The Admin option allows users to manipulate administrative items only: Users, Organizations, Teams, Repositories, and Tokens.
Administrators can view all tokens, both repository and personal on the Organization Manager screen. The user who created the personal token is displayed.
What is a personal token?
A personal token is generated by a specific user of the system to allow access on their behalf. The primary use for a personal token is for connecting with a mobile device. To register a mobile device, the token's associated QR code is scanned.
Another use case is if you want to authorize someone else to access the repository, on your behalf. For example, so they can connect and monitor via a mobile device while you are on vacation. When you return, you can remove the token and their access is revoked.
Similarly, you could use a personal token if you wanted to give the right to stream data to your repository. This might be a 3rd party that you want to collect data from. Once they have provided the required data, you can remove the token and they can no longer stream information.
Users generate the tokens on the Personal Tokens screen (Main Menu > User Settings > Personal Tokens), pictured below.