Create a Personal Access Token
Create a human-owned API key with the narrowest useful scope set and store it safely because the raw token is only shown once.
API In this interface
4 steps Steps
1 examples Examples
Use this path when
The create endpoint issues the raw PAT once and stores only the hash at rest.
What you'll finish here
- Choose scopes deliberately.
- Copy the raw token immediately.
- Use PATs only for human-owned automation.
Where this happens
Same Task, Other Interfaces
Use the version that matches where you are working now. The subject matter stays the same; the delivery changes by surface.
Keep this boundary clear
- PATs belong to a human and never exceed the human role. They are not workspace-shared automation credentials.
Do the work
- 1. Authenticate as a human principal with `tokens.manage`.
- 2. Send the label, optional scope list, and expiry days in the request body.
- 3. Read the returned token payload and capture the raw `token` field immediately.
- 4. Store the raw token securely in the system that will use it.
Create a PAT over REST
bash
curl -X POST http://localhost:5173/api/v1/personal-access-tokens -H 'authorization: Bearer access_token_here' -H 'content-type: application/json' -d '{"label":"Build server","expiresInDays":30,"scopes":["tasks.read","tasks.write","projects.read"]}'Keep Going in Sessions and Personal Tokens
Stay in the same interface and move to the next closest task in this topic when needed.
API Sessions and Personal Tokens
List Personal Access Tokens
Review the current personal API keys before creating a new one or revoking an old one.
4 steps
API Sessions and Personal Tokens
Revoke a Personal Access Token
Revoke a human-owned API key by credential id when it is obsolete, leaked, or no longer appropriate for the workflow.
4 steps
Nearby Guides
These guides stay close to the current workflow so you can keep moving without restarting discovery.