Token authentication for REST API

I’m trying to design a simple web app that creates new documents via the REST API. For that, I’m using token authentication via a token created in a specific user account. Everything works fine, except the documents being created this way are attributed to “Admin” rather than the user that owns the token. Is this intended behavior?

The token belongs to a user, just the same as a username/password login would belong to a user.
I’ve handled this by creating a user that represents a IOT device, an automated or scheduled process or something else.

Yep, that’s exactly what I’ve done too. I’ve got a token that belongs to a specific user (named “Web Agent”, fwiw), and I’m using that token to create a new document. When I look at the newly created document, however, it says it was created by “Admin” (not “Web Agent”). Do you know if that’s the intended behavior?

I think you might be using the wrong token (Administrator); it should give the same name as the user (Web Agent). Check your token against both users; this is not the expected behavior.

1 Like

I think I figured it out. I was using the token that belonged to the user “Web Agent” correctly, but the problem was that user had an email address like “”.

It would appear that the username listed in the document history is derived not from the user’s ID/name but from the email address associated with the account. In this case, I had given the user “Web Agent” an email address like “”, and that seemed to be confusing the system. I’m not sure if this is a bug or intended behavior, but giving the account a new email address fixed the problem I was having.

Anyway, thanks for your help! It’s much appreciated.


I have a question, token base auth is only for specific user login? or we can also use token for Admin login.