OAuth authentication

A Client ID is required to obtain access and refresh tokens in the xMatters REST API.  You can locate the Client ID for your company by opening the Workflows menu, and then selecting OAuth.

Access tokens are temporary and must be refreshed periodically using a refresh token. You can revoke refresh tokens at any time, which will effectively revoke access tokens at the same time as they can no longer be refreshed.

When you revoke authentication tokens, xMatters revokes all authentication tokens associated with your account. If you have multiple integrations and would like to revoke access to only one of them, first revoke all authentication tokens and then reauthorize individual applications.

Revoking authentication tokens does not affect the xMatters mobile apps or integrations that access your account using your user ID and password.

To revoke authentication tokens for your own account:

1. Click the Workflows tab, and then click OAuth to display the OAuth page.
2. Click Revoke Authentication Tokens.

To revoke authentication tokens for another user's account:

1. Navigate to the user's profile page.
2. From the More Actions menu, click Revoke Authentication Tokens.

To revoke authentication tokens when you reset an account's web/app password:

1. Navigate to your or another user's profile page.
2. From the More Actions menu, select Change Web / App Password.
3. On the Change Web / App Password dialog box, fill out the required fields then click Sign Out Everywhere. Note that this option also signs the account out of all active web and mobile app sessions.
4. Click Save.

For more information, see Change your Web/App password.