OAuth authentication

OAuth authentication allows you to access the xMatters REST API by providing an authentication token in the header of each request. You can use these tokens to access xMatters without storing a user name and password.

For more information about using the xMatters REST API to obtain and use authentication tokens, see the xMatters REST API documentation:

A client ID is required to obtain access and refresh tokens in the xMatters REST API.  You can locate the client ID for your company by opening the Workflows menu, and then selecting OAuth.

Access tokens are temporary and must be refreshed periodically using a refresh token. You can revoke refresh tokens at any time, which will effectively revoke access tokens at the same time as they can no longer be refreshed.

When you revoke authorization tokens, xMatters revokes all authorization tokens associated with your account. If you have multiple integrations and would like to revoke access to only one of them, first revoke all authorization tokens and then reauthorize individual applications.

Revoking authorization tokens does not affect the xMatters mobile apps or integrations that access your account using your user ID and password.

To revoke authorization tokens for your own account:

  1. Click the Workflows tab, and then click OAuth to display the OAuth page.
  2. Click Revoke Authorization Tokens.

To revoke authorization tokens for another user's account:

  1. Navigate to the user's profile page.
  2. From the More Actions menu, click Revoke Authentication Tokens.

To revoke authorization tokens when you reset an account's web/app password:

  1. Navigate to your or another user's profile page.
  2. From the More Actions menu, select Change Web / App Password.
  3. On the Change Web / App Password dialog box, fill out the required fields then click Sign Out Everywhere. Note that this option also signs the account out of all active web and mobile app sessions.
  4. Click Save.

For more information, see Change your Web/App password.