How to authenticate with the sipgate REST API using personal access tokens, including scope management and security benefits.
Note: This feature works differently in sipgate neo, so this article does not apply.
To authenticate with the sipgate REST API, you can use personal access tokens. Long-term, these will replace the basic auth procedure. So if you are just getting started with sipgate.io, personal access tokens are the way to go.
They use a unique combination of token id and token instead of the usual username and password combination for authentication (basic auth).
Compared to basic auth, personal access tokens are more secure:
Finer control through scopes lets you manage authorizations
Scopes let you limit access to certain areas of the account for certain tokens
You can easily delete compromised tokens
No need to send username and password over the network
If you have enabled 2-factor authentication, it also protects token generation
Note: You can create, manage and delete your personal access tokens in your account.
Note: When assigning scopes (authorizations), make sure that you only assign the scopes that are required for your application. Granting unnecessary access represents a security risk.
Examples of how you can use a personal access token to authenticate with the API can be found in our documentation.
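The following is an added example, not taken from the sipgate documentation: it keeps the token id and token out of source code, refuses to send them over plain HTTP, and checks a token's scopes against what the application needs. It assumes the token id and token are sent as the user and password parts of an HTTP Basic Authorization header; the base URL, environment variable names and scope names are assumptions or constructed values.

```python
import base64
import os
from urllib.parse import urlsplit

# Assumed base URL; confirm it against the sipgate API documentation.
API_BASE = "https://api.sipgate.com/v2"

# Constructed scope names for illustration; use the names shown in your account.
REQUIRED_SCOPES = {"history:read", "sessions:sms:write"}


def load_credentials(env=os.environ):
    """Read token id and token from the environment instead of source code."""
    token_id = env.get("SIPGATE_TOKEN_ID", "")  # hypothetical variable names
    token = env.get("SIPGATE_TOKEN", "")
    if not token_id or not token:
        raise RuntimeError("SIPGATE_TOKEN_ID and SIPGATE_TOKEN must be set")
    return token_id, token


def auth_header(token_id, token, url):
    """Build the Authorization header, refusing to send it over plain HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send a token to a non-HTTPS URL")
    raw = f"{token_id}:{token}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def audit_scopes(granted, required=REQUIRED_SCOPES):
    """Compare the scopes on a token with what the application needs."""
    granted = set(granted)
    return {
        "missing": sorted(required - granted),  # API calls needing these fail
        "excess": sorted(granted - required),   # remove these from the token
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"SIPGATE_TOKEN_ID": "token-EXAMPLE", "SIPGATE_TOKEN": "not-a-real-token"}
    tid, tok = load_credentials(sample_env)
    headers = auth_header(tid, tok, f"{API_BASE}/account")
    print("header built:", list(headers))  # log header names only, never values
    print(audit_scopes({"history:read", "sessions:sms:write", "account:write"}))
```

Any scope reported under "excess" is access the application never uses and can be removed from the token in your account.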