New Access Token feature is now available

Security has always been a high-priority focus when we build BeanHub. We spent a tremendous amount of effort to ensure that BeanHub is secure. We will publish articles explaining the security measurements we adopt later, such as sandboxing. But today, we would like to introduce a new security feature of BeanHub — Access Tokens.

In the past, BeanHub users could only access their BeanHub repository via HTTPS with their username and password as the credentials. But if the username and password are compromised, the attacker can do anything the user can do. Now with access tokens, you can limit which repository a specific token can access and what type of access it is. You can find the Access Token management page from your Account Settings page.

To authenticate with an access token, you need to place it as the “password” field as you normally do with basic HTTP authentication for your Git repository. The username field value doesn’t matter so you can put anything there. We highly recommend using an access token for accessing your Git repository at BeanHub instead of your account credentials. Authenticating with a username and password will be disabled when our two-factor authentication feature is available and enabled. We also consider turning off authenticating with a username and password for Git via HTTPS whether two-factor authentication is enabled or not.

As some of you may guess, what else can we do with the access token? Well, yes, we are working on the API feature! With the upcoming API feature, you can programmatically read and write from/to your accounting book repositories. The access token will be used as the authentication method. It will also support a range of permission grants that allow you to have fine-grained control over which repositories and what level of access. Hope you like our new feature, and stay tuned for our next update. Finally, once again, please feel free to contact us at support@beanhub.io if you have any feedback!