Setting the REST API token
A REST API token is an alternative way to authenticate to use a REST service in Fisheye and Crucible. Instead of specifying a username and password of an authorized user, you can add a request header to the call that includes the REST API token:
This is currently only supported for a limited subset of REST services – see https://docs.atlassian.com/fisheye-crucible/latest/wadl/fecru.html#d2e302. It allows you to use services that normally require administrator credentials, without exposing those or keeping them (for example in a script or a commit hook). The token cannot be used to log in to Fisheye/Crucible or to perform any operations other than the designated REST service calls.
To generate a REST API token, log in to the administrator area of Fisheye/Crucible, go to Authentication (under 'Security Settings'), then click Generate new token in the REST API Token section. A REST API token will be generated and displayed on screen.
You can always prevent access using a previously generated token by deleting it, or generating a new one. Note that this will prevent any existing scripts using the token from working, until you update them with the new token.
See also Authenticating REST requests.