For an external application to connect with Stages, it needs a way to authenticate itself. This can be done with API-tokens.

Stages generates its API tokens on the basis of a unique secret that can only be set by the Stages administrator. This should be a random string value with at least 32 characters. This value should be stored in the file conf/secret.properties like this:

apitoken.secret = <value>

In the conf/config.xml file the following configuration property needs to be declared:

<property name="restapi.apitoken.secret" value="${apitoken.secret}"/>

After that, a service restart is necessary.

The Open Read API is only accessible for Process Modellers with CollectorData Read and Create permissions.

Such a user is also allowed to create an API-token for this API. This can be done in the user settings page (click on the username in the left navigation) in the section Security and Privacy.

Please note that the API token is only shown once on creation, so make sure to copy it to a secure location for storage.