Shall i simply add feed_token directly(explicitly) in the URL to view atom feeds of my GitLab project through Python script? Is it the correct method to get feeds for GitLab?
Will it be useful for automation? How shall I check for any unauthorized access of feeds with my feed_token?
http://<gitlab_project>/-/tags?feed_token=<token>&format=atom
Yes, it is the correct and easiest method to get feeds from GitLab. The 'feed_token' is just like the private access token provided by your GitLab account, exclusively used to get the feeds.
P.S. For Security, instead of explicitly mentioning the "feed_token" directly in the script, it will be better to let user input their Feed token (Their own Feed token shall be accessible from their respective GitLab account)
Note: with GitLab 16.2 (July 2023), you get:
Improved security for feed tokens
Feed tokens have been made more secure by only working for the URL they were generated for. This narrows the scope of feeds that can be read if the token was leaked.
See Documentation and Issue.