Retrieving user API token in JOC environment with SSO enabled

Article ID:210476127
1 minute readKnowledge base


The user used to have an environment with just a controller, and getting the user API token was done with a simple query to the controller. After adding JOC with SSO, it is no longer possible to query the controller directly with just username:password to retrieve the API token.

The ability to retrieve the API token is useful for applications that have no knowledge of how Jenkins works, and just want to provide their credentials(username:password) to execute a command.


  • CloudBees Jenkins Enterprise - Operations Center (CJE-OC)

  • CloudBees Jenkins Enterprise - Managed controller (CJE-MM)


The JOC needs to be queried directly to retrieve the API token. This token will be usable across all connected client controllers. An example can be found below.

curl -u '<user>:<password>' 'http(s)://<joc-host>:<port>/user/<user>/configure' | grep apiToken
curl -u '<user>:<apiToken>' 'http(s)://<jenkins-controller-host>:<port>/<job-trigger-path>'