Access Token

The access token, or bearer token, is a string with user credentials and permissions needed when interacting with the GPM Web API. It is necessary to include the bearer token before making any GPM Web API requests.

GPM Plus uses Windows Active Directory for authorization. Therefore, each token is bound to a user, who has a set of claims mapped to Active Directory groups that can be customized for each environment. For more information, see the GPM Plus User Guide or the GPM SCADA User Guide.

Note: Do not generate a new token for every call. This would risk exposing your credentials more than is necessary. Instead, create a token once and use it until it expires. The token has a 24-hour lifespan, which starts either from its creation or its last use. If the GPM Web API calls returns a 401 error, indicating an expired token, you will need to create a new token. However, if the token is used within the 24-hour timeframe, it will be automatically refreshed. This cycle continues every subsequent 24 hours with each usage.