Securing API Tokens
Until now, a specialist who clicked on him/herself at the far right of the toolbar and selected the ‘My Profile’ option could go to the ‘API’ section and see his/her API token.
This is considered a potential security risk. An attacker who managed to gain access to someone’s Xurrent session could look up this person’s token and later use it to make transactions through Xurrent’s REST API.
That is why, from now on, an API token is presented only once to its owner. The owner is subsequently expected to treat this token like a password. To see a valid API token, people now need to click on the ‘Reset API token’ button. Doing so warns the user that any integrations that rely on the current API token will stop working unless they are given the new token after the reset has completed.

Once the token has been reset, it is visible only once to allow its owner to copy it and store it securely in a password management application.
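
A sketch of the show-once pattern described above, as an added example that is not Xurrent's code. It assumes the server keeps only a SHA-256 digest of each token, which the page does not state; `TokenStore` and the account id are hypothetical names.

```python
import hashlib
import hmac
import secrets


class TokenStore:
    """Show-once API tokens: only a SHA-256 digest is kept per account."""

    def __init__(self):
        self._digests = {}  # account id -> hex digest of the current token

    def reset_token(self, account_id: str) -> str:
        """Issue a new token, replacing (and thereby revoking) the old one.

        The plaintext is returned exactly once; it cannot be recovered later.
        """
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._digests[account_id] = self._digest(token)
        return token

    def verify(self, account_id: str, presented: str) -> bool:
        """Check a presented token against the stored digest in constant time."""
        stored = self._digests.get(account_id)
        if stored is None:
            return False
        return hmac.compare_digest(stored, self._digest(presented))

    def stored_value(self, account_id: str):
        """What a profile page (or a hijacked session) could read back."""
        return self._digests.get(account_id)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()


def demo() -> dict:
    store = TokenStore()
    first = store.reset_token("specialist-1")   # constructed account id
    second = store.reset_token("specialist-1")  # the 'Reset API token' action
    return {
        "old_token_still_valid": store.verify("specialist-1", first),
        "new_token_valid": store.verify("specialist-1", second),
        "plaintext_recoverable": store.stored_value("specialist-1") == second,
    }


if __name__ == "__main__":
    print(demo())
```

Because the tokens are long random values, a fast hash is sufficient here; a slow password-hashing function is only needed for low-entropy secrets.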

