OAuth authentication
OAuth authentication allows you to access the xMatters Rest API by providing an authentication token in the header of each request. You can use these tokens to access xMatters without storing a user name and password.
For more information about using the xMatters REST API to obtain and use authentication tokens, see the xMatters REST API documentation:
- Obtain an access token and a refresh token.
- Authenticate requests using an access token.
- Refresh an access token that is about to expire.

A client ID is required to obtain access and refresh tokens in the xMatters REST API. You can locate the client ID for your company by opening the Workflows menu, and then selecting OAuth.

Access tokens are temporary and must be refreshed periodically using a refresh token. You can revoke refresh tokens at any time, which will effectively revoke access tokens at the same time as they can no longer be refreshed.
When you revoke authorization tokens, xMatters revokes all authorization tokens associated with your account. If you have multiple integrations and would like to revoke access to only one of them, first revoke all authorization tokens and then reauthorize individual applications.
Revoking authorization tokens does not affect the xMatters mobile apps or integrations that access your account using your user ID and password.
To revoke authorization tokens for your own account:
- Click the Workflows tab, and then click OAuth to display the OAuth page.
- Click Revoke Authorization Tokens.
To revoke authorization tokens for another user's account:
- Navigate to the user's profile page.
- Click Revoke Authentication Tokens from the More Actions drop-down menu.