# Create an access token

Use this API to create an access token. The response includes the token value. This is the only time the token value is displayed. The value must be included as a Bearer token in the Authorization HTTP header for authorization requests.

Typically, an access token has the following attributes:

- Token name—Must be unique and 5 - 25 characters long.
- Expiry string—The token lifetime. Format: y M d h m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and representing any number.
- Token type—Valid values: NORMAL | IMPERSONATED.
- Token description—Mandatory for IMPERSONATED tokens.
- Username—User name of the user on whose behalf the token is created. Mandatory for IMPERSONATED tokens.

When a username is provided for the creation of a NORMAL token, that username is ignored when calling an API. Instead, the user calling the API is authenticated.

Endpoint: POST /uar/v1/token

Version: 2024.09

## Request fields (application/json):

- `expiryStr` (string, required)
  Lifetime of the token as specified when the token was created. Format: y M d h m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and representing any number.

- `tokenDescription` (string)
  Mandatory for IMPERSONATED tokens; optional for NORMAL tokens. For IMPERSONATED tokens, use this field to capture the impersonation reason.

- `tokenName` (string, required)
  Name of the token, must be 5 - 25 characters long. The following characters are not supported: * + $ ? . ^ | % ] \\\\\\\\ (four consecutive back slashes are not allowed). HTML tags that may indicate an XSS attack will be rejected.

- `tokenType` (string, required)
  Specify the token type. NORMAL tokens can be requested by any FlexNet Operations user. IMPERSONATED tokens can be requested by a privileged user on behalf of another FlexNet Operations user.
  Enum: "NORMAL", "IMPERSONATED"

- `username` (string, required)
  The user for whom the token is created. Usually this is specified as an email address. This field is mandatory for IMPERSONATED tokens.

## Response 200 fields (application/json):

- `responseObject` (object)

- `responseObject.expiryStr` (string, required)
  Lifetime of the token as specified when the token was created. Format: y M d h m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and representing any number.

- `responseObject.tokenDescription` (string)
  Mandatory for IMPERSONATED tokens; optional for NORMAL tokens. For IMPERSONATED tokens, this field should capture the impersonation reason.

- `responseObject.tokenExpiryMillis` (integer)
  The date and time when the token expires in milliseconds since 1970-01-01 00:00 (Epoch time).

- `responseObject.tokenIssueMillis` (integer)
  The date and time when the token was issued in milliseconds since 1970-01-01 00:00 (Epoch time).

- `responseObject.tokenName` (string, required)
  The name of the token that was created.

- `responseObject.tokenCreator` (string)
  The email address of the user who created the token. For NORMAL tokens, the email address for tokenCreator is the same as that for username. For IMPERSONATED tokens, the email addresses usually differ.

- `responseObject.tokenType` (string, required)
  The type of the token that was created.
  Enum: "NORMAL", "IMPERSONATED"

- `responseObject.tokenValue` (string)
  Actual token that is to be used for bearer authentication.

- `responseObject.username` (string, required)
  The user for whom the token is created. Usually this is an email address.

- `statusMessage` (string)
  The status message related to this API request.
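
The following client-side sketch is an added example, not code from the product or its documentation. It checks the request field rules listed above before a body is sent to `POST /uar/v1/token`, and separates the one-time `tokenValue` from the metadata that can be logged for audit. The function names, the sample response, the `30d` expiry value and the HTML-tag regex are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

UNSUPPORTED = set("*+$?.^|%]")  # characters the page lists as unsupported in tokenName
TOKEN_TYPES = {"NORMAL", "IMPERSONATED"}

def build_token_request(token_name, expiry_str, token_type, username, token_description=None):
    """Check the documented field rules locally and return the JSON body for POST /uar/v1/token."""
    if not 5 <= len(token_name) <= 25:
        raise ValueError("tokenName must be 5 - 25 characters long")
    bad = sorted(UNSUPPORTED & set(token_name))
    if bad:
        raise ValueError(f"tokenName contains unsupported characters: {bad}")
    if "\\" * 4 in token_name:
        raise ValueError("tokenName contains four consecutive backslashes")
    if re.search(r"<[^>]*>", token_name):  # assumption: rough local stand-in for the server's HTML-tag check
        raise ValueError("tokenName contains something that looks like an HTML tag")
    if token_type not in TOKEN_TYPES:
        raise ValueError("tokenType must be NORMAL or IMPERSONATED")
    if not expiry_str or not username:
        raise ValueError("expiryStr and username are required")
    if token_type == "IMPERSONATED" and not (token_description or "").strip():
        raise ValueError("IMPERSONATED tokens need tokenDescription (the impersonation reason)")
    body = {"tokenName": token_name, "expiryStr": expiry_str,
            "tokenType": token_type, "username": username}
    if token_description:
        body["tokenDescription"] = token_description
    return body

def handle_token_response(resp):
    """Separate the one-time secret from the metadata that is safe to log or audit."""
    obj = resp["responseObject"]
    headers = {"Authorization": f"Bearer {obj['tokenValue']}"}  # store the value now; it is not shown again
    meta = {k: v for k, v in obj.items() if k != "tokenValue"}
    meta["expiresAtUtc"] = datetime.fromtimestamp(
        obj["tokenExpiryMillis"] / 1000, tz=timezone.utc).isoformat()
    return headers, meta

# Constructed sample response (not real output); "30d" assumes a number followed by a unit letter.
SAMPLE_RESPONSE = {"statusMessage": "constructed", "responseObject": {
    "tokenName": "support-case-4711", "tokenType": "IMPERSONATED", "expiryStr": "30d",
    "tokenDescription": "Reproduce issue for support case", "tokenCreator": "admin@example.com",
    "username": "alice@example.com", "tokenIssueMillis": 1733097600000,
    "tokenExpiryMillis": 1735689600000, "tokenValue": "CONSTRUCTED-TOKEN-VALUE"}}

if __name__ == "__main__":
    print(build_token_request("support-case-4711", "30d", "IMPERSONATED",
                              "alice@example.com", "Reproduce issue for support case"))
    headers, meta = handle_token_response(SAMPLE_RESPONSE)
    print(meta)  # tokenValue is deliberately absent from what gets printed
```

Keeping `tokenCreator` and `username` together in the logged metadata preserves the record of who requested an IMPERSONATED token and on whose behalf.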