API tokens offer a way to make authenticated CLI or REST API calls.
See
our wiki for more details.
The username associated with each token is your Jenkins username.
Some good practices for keeping your API tokens secure are:
- Use a different token for each application so that if an application is compromised you can revoke its token individually.
- Regenerate the tokens every 6 months (depending on your context). We display an indicator concerning the age of the token.
- Protect it like your password, as it allows other people to access Jenkins as you.
Every time Jenkins is restarted the creation dates for unused legacy tokens are reset
which means that the dates may be inaccurate.