Now Available: Updated API to Include Token-Based Authentication

Document created by on Mar 21, 2017Last modified by Brendan Cooper on Jun 20, 2017
Version 3Show Document
  • View in full screen mode

Soon we will be releasing an update to our Samanage API (which is accessed via or for our EU customers).  The Samanage API makes it easy to create applications and interface between your business systems and your Samanage account. It can be used to retrieve and update service management and asset inventory information from your Samanage account. The Samanage API also allows to create, retrieve, update and delete ITSM and ITAM information such as incidents, changes, computers, software, printers, risks and other assets, contracts and software licenses.

Some potential application ideas:

  • Speed issue resolution time by integrating internal help desk / call center systems to view asset information
  • Pass key data across systems by automatically creating contracts / licenses from your procurement system
  • Trigger business processes based on tickets, for example new asset purchase request
  • Save time by automating asset maintenance and disposal processes
  • Proactively notify internal stakeholders of new risks and license compliance gaps


Currently the Samanage API authentication is based on HTTP digest authentication.  With this update, the authentication will be based on token-based authentication. Transitioning to token-based authentication will allow admins to generate a token for a user in the user setup page. The admin will then provide that token to whomever requires it to gain access to items in Samanage via the API. A token is a piece of data created by the server that contains the user's information, as well as a special token code that user can pass to the server for continued authentication rather than their username/password.  Once the token has been obtained, the user can offer the token, rather than sending their Username/Password each time they wish to request access to the resource.

In addition to this being a more secure way to handle authentication, it is also more user-friendly.  By using tokens one will not have to update the username/password in the for an API user should the password be unintentionally, or intentionally reset.  This can save a lot of time and headaches for those that manage this.  Also, admins will be the only users to be able to generate a token or reset a token for a user who they wish to have access to the API, where as in the past, any user who had a username+password (and enough permissions) could access API.


As part of this transition, we will be ending support for the HTTP digest authentication in 90 days from this update, however HTTP basic authentication will continue indefinitely.  For more details please refer to the updated API documentation found here:


It should be noted that we will be enforcing access to the API only via the official URL: (or for our EU customers). Please be sure to update your API scripts accordingly.


Let us know what you think of this update.


Your Samanage Team

2 people found this helpful