# Create and use an own Mytoken

Since accessing TOAR services can consume considerable resources, we are forced to introduce user registration and login to the TOAR data infrastructure.  
[Here](https://toar-data-dev.fz-juelich.de/sphinx/TOAR_UG_Vol03_Database/build/html/data-access.html#authentication-and-authorization), you can read more about our concept for "Authentication And Authorization".


To make (larger) requests to the TOAR Data Infrastructure, you need an Access Token.
You can obtain this token manually through your profile in the TOAR Dashboard.

However, this manually created Access Token is only valid for 4000 seconds (about one hour), which makes it unsuitable for long-running or automated queries.

To enable automated workflows, you can create your own mytoken, which allows you to request new Access Tokens programmatically and use them when sending requests to the TOAR Data Infrastructure.

### Creation

A mytoken can be created using the web application provided by KIT: [https://mytoken.data.kit.edu/#mt](https://mytoken.data.kit.edu/#mt).
When creating your mytoken, make sure to select the following settings to avoid issues:

#### necessary settings

OpenID Provider: **Helmholtz-AAI**
Capabilities: *at least* **AT** (Allows obtaining OpenID Connect Access Tokens)
Restrictions:
* Scopes (necessary):
    * **eduperson\_unique\_id**
    * **email**
    * **profile**
   

#### other settings
Other settings that might be of interest:

Rotation
* Lifetime: *default* **0** (= infinite lifetime)

Restrictions:
* Expires At: (If set, the mytoken cannot be used after this time)
* Usages AT: *default* **15** (If set, the mytoken can only be used this often to request access tokens)


**Save your token!**
(at creation time, you will not be able to access the credentials at a later point in time)

### Usage
With the following code snippet you can create an AccessToken for the Helmholtz AAI using your mytoken
```
import os
import requests

MYTOKEN = "TheTokenThatYouSavedFromTheAboveStep"
MYTOKEN_ENDPOINT = "https://mytoken.data.kit.edu/api/v0/token/access"

def get_access_token():
    payload = {
        "grant_type": "mytoken",
        "mytoken": MYTOKEN
    }

    resp = requests.post(MYTOKEN_ENDPOINT, json=payload, timeout=10)
    resp.raise_for_status()

    data = resp.json()
    at = data.get("access_token")

    return at

if __name__ == "__main__":
    access_token = get_access_token()
    print("Access Token:", access_token)
```


### Token Information
You can view your active mytokens by logging in to https://mytoken.data.kit.edu/ via Helmholtz-AAI and selecting `List and revoke mytokens`.
There, you can see all your active mytokens, revoke them if needed, and view the event history of each token.
You can also visit https://mytoken.data.kit.edu/#token-info and enter a mytoken to receive information about it, such as whether it is valid or when it expires.