Skip to main content
System StatusContact Support Agility Community

API Authentication


The VersionOne API supports different authentication types for the requests that it receives. Authentication associates the API request with a specific Member in the system and secures data according to the Roles and Project Memberships assigned to that Member. Most VersionOne APIs require authentication and respond with a 401 Unauthorized for a request that cannot be authenticated. If no such asset exists, or if you do not have sufficient rights to view it, then the response will be 404 Not Found.

Some endpoints are tied to the authentication mechanism of the VersionOne application. Although there are multiple options, the selected option will apply everywhere. The following authentication mechanisms are supported by VersionOne:

As of the Winter 2015 release, VersionOne supports its own type of Access Token Authentication. VersionOne Access Tokens are far easier to create and use than the other authentication mechanisms, and is the recommend approach as it can be used no matter if your VersionOne instance is configured for Basic, Windows Integrated Authentication, or a third-party SSO authentication method like SAML.

API Endpoint Security

The following table lists VersionOne API endpoints and the authentication mechanisms that they support:

API Endpoint Authentication
attachment.img All
loc.v1 None
meta.v1 None
query.v1 All (NTLM Excluded)
rest-1.v1/Data All
rest-1.v1/Hist All
rest-1.v1/New All