Access tokens

Access tokens provide flexible and secure ways to interact with the DataHUB, including synchronization of ARCs from local computers or servers. In most scenarios, users do not have to create access tokens themselves, since ARCitect and ARC Commander take care of this.

When to use access tokens

Section titled When to use access tokens

1. Upload of very large data or large amounts of data. The default access tokens used by ARCitect and ARC Commander expire after two hours. For data uploads that take longer than two hours, users need an access token.
2. ARCs stored on a (shared) server. When collecting many ARCs with different scopes on a central server and accessing these ARCs from different machines (office desktop, workstation, laptop), it may be easier to handle the synchronization rights between that server and the DataHUB via tokens. This is a common scenario in core facilities. In this case, we recommend to use group or project access tokens during ARC synchronization to be independent of the current user working on the ARC (via ARCitect or ARC Commander).
3. See other advanced examples here.

How to use access tokens

Section titled How to use access tokens

• ARCitect: Open the DataHUB Sync panel and follow the help menu (activated in “Settings”).
• ARC Commander: Follow this guide.

Token overview

Section titled Token overview

Token Type	Scope of access	Generation
Personal Access Token (PAT)	User-level (All ARCs of one user)	Generated in user profile settings
Group Access Token	Group-level (All ARCs within one group)	Generated in group settings
Project Access Token	Project-level access (One specific ARC)	Generated in ARC settings

Project = ARC

In the DataHUB, ARCs are called “projects”.

Group = User group

In the DataHUB, a group is a group of users (e.g. a research group)

Token information

Section titled Token information

When creating a new access token, users are asked to adapt or fill out some information summarized here.

Token name

Section titled Token name

Choose a descriptive name. This helps to track its usage and identify it later, especially if multiple tokens are created. This could for instance be the computer (“Office Desktop”) or Application (“ARCitect Office Desktop”) where the token is used.

Token description (optional)

Section titled Token description (optional)

You can add a more detailed description about the token’s purpose for easier identification.

Expiration date

Section titled Expiration date

All tokens support expiration, allowing you to set a time limit on their validity. This is essential for maintaining security and reducing the risk of token misuse over time. The token expiration defaults to one month in the future. You can adapt or remove the expiration date, e.g. to allow only temporary or long-time access.

Role

Section titled Role

You can assign a role for the access tokens (only group and project tokens).

Tip

Learn more about roles and permissions.

Note

Users cannot assign a role for personal access tokens. A personal access token always has the role the user has in a specific ARC or group.

Scopes

Section titled Scopes

Together with the role, the scopes define what actions the token can perform. Common scopes include:

• api: Full access to all features
• read_repository: Read access to repositories
• write_repository: Write access to repositories

Each token type may have different available scopes based on its level (user, group, project).

Creating an access token

Section titled Creating an access token

Project Access Token

Note

This guide shows you how to generate a Project Access Token.
Project Access Tokens are scoped to a single ARC and cannot be used for other ARCs.

1. Sign in to the DataHUB

2. Open your Project (ARC)

3. Navigate to the ARC’s settings

4. Open the Access Tokens settings in the sidebar (1)

5. Enter or adapt the required token information (2) (more about token information here)

6. Click Create project access token (3)

   

7. Your new project access token appears on top. Copy (4) and use it in the desired application.

   

Group Access Token

Note

This guide shows you how to generate a Group Access Token. A Group Access Token can grant access to all ARCs of one group.

1. Sign in to the DataHUB

2. Navigate to the group’s settings

3. Open the Access Tokens settings in the sidebar (1)

4. Enter or adapt the required token information (2) (more about token information here)

5. Click Create group access token (3)

   

6. Your new group access token appears on top. Copy (4) and use it in the desired application.

   

Personal Access Token (PAT)

Note

This guide shows you how to generate a Personal Access Token (PAT).
A PAT can grant access to all ARCs of one user.

1. Sign in to the DataHUB

2. Navigate to your user settings

3. Open the Access Tokens settings in the sidebar (1)

4. Enter or adapt the required token information (2) (more about token information here)

5. Click Create personal access token (3)

   

6. Your new personal access token appears on top. Copy (4) and use it in the desired application.

   

Security & Revoking access tokens

Section titled Security & Revoking access tokens

Depending on the chosen type (user, group, project) of token as well as its role and scope, an access token grants access to varying degrees to one or multiple ARCs.

Caution

Treat tokens like passwords – keep them secure and regularly rotate or revoke them if no longer needed. We recommend not to “save” your token anywhere in a file, especially not inside files of your ARC (e.g. the README). Instead, use the token directly in the desired application (e.g. in ARCitect). You can easily generate a new token, if needed.

List, revoke, rotate tokens

You can see a list of access tokens generated for user, group or project in the respective access token settings (see section creating a new access token above). Besides the token name, description and scopes, the overview shows you when a token was created and last used and when it expires. There you can also revoke (i.e. “delete”) access tokens.