All TMS REST API authentication is via tokens using an API token passed by the client via the X-AUTH-TOKEN header, and all requests to TMS secured via HTTPS. Each API token is 32 characters long, and TMS supports the ability to have multiple tokens active at the same, allowing for rolling password changes on the client side, or to control access from multiple clients leveraging the same API user. Tokens are generated by TMS and cannot be supplied by the Customer.
An API token can be created via the TMS UI by visiting the Settings page. Scroll to the bottom of 'Tokens in use' and click 'Create Token'.
You will be given the option to name your token, which may make it easier to remember. Only this name and the first four characters of the token will be viewable later. Once you have named your token or opted to keep the default name, click 'Next'. You then will be able to view and copy the full token.
Please Note: The full token is only generated once for security purposes and must be treated carefully. This will be your only opportunity to copy the full token. Copy the token and store it in a safe place. If a token is misplaced, revoke the token and create a new one.
Tokens can be renamed via the TMS UI. To rename, click the pencil icon next to the token name, make desired changes, and hit 'Enter' or click on the pencil icon to save your changes.
A token can be revoked via the Settings page in the TMS UI. To revoke a token, click the 'Revoke' button for the appropriate token, confirm revocation, and that token will no longer work. To reactivate a token, click the 'Activate' button. Once activated, the token will once again be usable.