This vignette covers how to obtain and use an OSF personal access
token (PAT) for use with osfr
.
PATs are required to upload files, create projects/components, access information about your private projects, or download files in your private projects. PATs are not required for accessing information about public projects or downloading public files, but authentication with a PAT will increase the rate limit on the API.
Unauthenticated requests are limited to 100 per hour; Authenticated requests are limited to 10,000 per day. So, if you are planning to make a large number of calls to the API, we suggest authenticating with a PAT even if one is not required for the functions you are running.
To create an OSF PAT, log into OSF through your browser, navigate to
the OSF settings page, and
click the create token button. You will need to create
a PAT with at least osf.read_full
scope; if you want to be
able to edit information through the package, you will also need the PAT
to have osf.write_full
permissions. Once the PAT is
created, save it in a safe space.
You can authenticate in two different ways:
Call the osf_auth()
function in the console at the
start of each new session and paste in your PAT.
Your PAT functions like a password, so it should not be hard coded into any scripts, ever.
To authenticate automatically, store the PAT as an environment
variable named OSF_PAT
, which osfr will detect upon being
loaded. One way to do this is to create a .Renviron
file in
your home or project working directory that defines
OSF_PAT
.
If you’d like to learn more about .Renviron
files, the
R Startup chapter of
What They Forgot to Teach You About R is highly
recommended.
If your PAT has accidentally been publicly released in the world, you should deactivate that PAT. To do this, navigate to the OSF settings page and click on the :x: to the right of the PAT you want to deactivate. You can then create a new PAT and reauthenticate.