OneStream IdentityServer supports personal access tokens (PATs) for non-interactive authentication in REST API calls. Before OneStream IdentityServer, you had to issue a web request to your IdP to get a token that you included in API calls. This request is no longer necessary; use the PAT in place of that token.
NOTE: You cannot use JSON Web Tokens for non-interactive authentication in REST API calls with OneStream IdentityServer. Only reference tokens are supported.
Use the Identity & Access Management Portal to quickly generate a PAT identifier string for seamless authentication in REST API calls to:
-
Schedule jobs.
-
Perform batch processing.
-
Use data connectors that support PATs.
A PAT takes on the identity and access rights of the creating user.
When you create a PAT in the Identity & Access Management Portal, the OneStream IdentityServer generates a unique identifier string, such as the following, that you can use in REST API calls.
Copy and securely store these identifier strings as you would other sensitive credentials, possibly in a key vault. If you do not copy or you lose a PAT identifier string, revoke the PAT and create a new one. System security roles determine the tasks you can perform with PATs.
See: