Token Access

See also Temporary Users

New in Tiki5, and improved since Tiki9.

Allows to access the content with superior rights with the presentation of a token. The primary use of this authentication method is to grant temporary access to content to an external service. Ex.: an external service needs to crawl your content to make a report.

It is also possible to combine with Share. This is good if you want to give a one time access to a page or a file, without creating a username/password and setting the group and permissions.

This is especially useful if you want to share a large file without having to send it via e-mail.

Starting in Tiki9, there is an admin panel at: "Admin home > Security > Tokens" (tiki-admin.php?page=security&cookietab=5):

tiki9_token_access_security_admin_panel_tokens.png


Moreover, Tiki9 brings an interface to manage tokens at (tiki-admin_tokens.php). For instance, if you have shared permissions to view some page with one friend, you would have one token generated for your page, which can be listed with this interface:

tiki9_token_access_admin_tokens_list.png


If you want to create new tokens by hand, you can do that with the tab "Add new token".
If the SEFURL feature is not active, in the "Full URL" field you need to copy paste the full URL of the page in the "tiki-" format as shown on the image above.
If the SEFURL feature is active, you need to copy paste the SEFURL style URL like /R202312C testing.

In the "Groups" field you insert the Groups you want to be "applied" on the user or a service accessing the page with the token as if they were a member of that group.

tiki9_token_access_admin_tokens_new.png


One use case for this manual setting of token access is to manage Batch actions, that can be run based on cron jobs set on external servers. See more information in Batch
Another use case is to give access to page contents to crawlers for indexing your site or feeding an AI. You may consider accessing the simpler print version of pages using URLs such as /tiki-print.php?page=R202312C+testing&TOKEN=….

Using a token

A token looks like this
Copy to clipboard
http://demo.tiki.org/trunk/tiki-index.php?TOKEN=937d83bc9dc6ede58d247df505011t43

Limitations

You cannot edit already created tokens.

The token param requested in the URL must always be in uppercase letters: TOKEN=....

The URL used to generate the new token should not contain any URL encoded values, like %2C, and any multivalue array field params with square brackets, like listfields[]. For example using URL like this will fail:

Copy to clipboard
https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=%2C&delimitorL="&delimitorR="&CR=%25%25%25&listfields[]=2&listfields[]=3&recordsMax=-1


You will get an error message "Token Error: Your access to this page has expired" when you try to access that page using the token.

Instead you need to use URL like this to create the token:

Copy to clipboard
https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1


Then accessing the URL using https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1&TOKEN=... will work.

Related
aliases

Token | TokenAccess | Tokens | Security Token