/  Python Yamcs Client  /  General Client  /  Authentication


User Accounts

Yamcs Server can be configured for different authentication setups.

The common use case is to entrust Yamcs with validating user credentials (either by locally verifying passwords, or by delegating to an upstream server such as an LDAP tree).

To authenticate in such a scenario simply do:

credentials = Credentials(username="admin", password="password")
client = YamcsClient("localhost:8090", credentials=credentials)

In the background this will convert your username/password credentials to an access token with limited lifetime, and a long-lived refresh token for automatically generating new access tokens.

Further HTTP requests do not use your username/password but instead use these tokens.

Service Accounts

Service accounts are useful in server-to-server scenarios. Support for service accounts will be available in future releases.


class yamcs.core.auth.Credentials(username=None, password=None, access_token=None, refresh_token=None, expiry=None, client_id=None, client_secret=None, become=None)

Bases: object

Data holder for different types of credentials. Currently this includes:

  • Username/password credentials (fields username and password)

  • Bearer tokens (fields access_token and optionally refresh_token)


Short-lived bearer token.


Name of the user to impersonate. Only service accounts with impersonation authority can use this feature.

before_request(session, auth_url)

The client ID. Currently used only by service accounts.


The client secret. Currently used only by service accounts.


When this token expires.

login(session, auth_url, on_token_update)

Clear-text password (consider TLS!).

refresh(session, auth_url)

Refresh token used to request a new access token.


Username (only needed when using username/password credentials).