<p>We released pipeline-scoped API Tokens, which enable your scripts to interact with a specific Screwdriver pipeline. You can use these tokens with fine-grained access control for each pipeline instead of User Access Tokens. <!-- more --></p> <h2>Creating Tokens</h2> <p>If you go to Screwdriver’s updated pipeline Secrets page, you can find a list of all your pipeline access tokens along with the option to modify, refresh, or revoke them. At the bottom of the list is a form to generate a new token.</p> <p><img src="https://66.media.tumblr.com/f6b1cfdd49e7f31501aa49b2fd28b685/tumblr_inline_pbmd31MWPe1qf05nt_540.png" alt=""/><img src="./pipeline-token/pl_secrets_tab.png" alt=""/></p> <p>Enter a name and optional description, then click <code>Add</code>. Your new pipeline token value will be displayed at the top of the <code>Access Tokens</code> section, <strong>but it will only be displayed once</strong>, so make sure you save it somewhere safe! This token provides admin-level access to your specific pipeline, so treat it as you would a password.</p> <h2>Using Tokens to Authenticate</h2> <p>To authenticate with your pipeline’s newly-created token, make a GET request to <code>https://${API_URL}/v4/auth/token?api_token=${YOUR_PIPELINE_TOKEN_VALUE}</code>. This returns a JSON object with a <code>token</code> field. The value of this field will be a <a href="https://jwt.io/">JSON Web Token</a>, which you can use in an <code>Authorization</code> header to make further requests to the Screwdriver API. This JWT will be valid for 2 hours, after which you must re-authenticate.</p> <h2>Example: Starting a Specific Pipeline</h2> <p>You can use a pipeline token similar to how you would a user token. Here’s a short example written in <a href="https://www.python.org/">Python</a> showing how you can use a Pipeline API token to start a pipeline. This script will directly call the <a href="https://docs.screwdriver.cd/user-guide/api">Screwdriver API</a>.</p> <pre><code># Authenticate with token auth_request = get('https://api.screwdriver.cd/v4/auth/token?api_token=%s' % environ['SD_KEY']) jwt = auth_request.json()['token'] # Set headers headers = { 'Authorization': 'Bearer %s' % jwt } # Get the jobs in the pipeline jobs_request = get('https://api.screwdriver.cd/v4/pipelines/%s/jobs' % pipeline_id, headers=headers) jobId = jobs_request.json()[0]['id'] # Start the first job start_request = post('https://api.screwdriver.cd/v4/builds', headers=headers, data=dict(jobId=jobId)) </code></pre> <h2>Compatibility List</h2> <p>For pipeline tokens to work, you will need these minimum versions:</p> <ul><li><p><a href="https://hub.docker.com/r/screwdrivercd/screwdriver/">screwdrivercd/screwdriver</a>: v0.5.389</p></li> <li><p><a href="https://hub.docker.com/r/screwdrivercd/ui/">screwdrivercd/ui</a>: v1.0.290</p></li> </ul><h2>Contributors</h2> <p>Thanks to the following people for making this feature possible:</p> <ul><li><p><a href="https://github.com/kumada626">kumada626</a> (from Yahoo! JAPAN)</p></li> <li><p><a href="https://github.com/petey">petey</a></p></li> <li><p><a href="https://github.com/s-yoshika">s-yoshika</a> (from Yahoo! JAPAN)</p></li> </ul><p>Screwdriver is an open-source build automation platform designed for Continuous Delivery. It is built (and used) by Yahoo. Don’t hesitate to reach out if you have questions or would like to contribute: <a href="http://docs.screwdriver.cd/about/support.">http://docs.screwdriver.cd/about/support.</a></p>