Revoke a Personal Access Token
Revoke a human-owned API key by credential id when it is obsolete, leaked, or no longer appropriate for the workflow.
The browser PAT page exposes the existing key list and its revoke actions together.
- Find the right credential id first.
- Use the correct revoke surface.
- Confirm the key should no longer be used anywhere.
Where this happens
Same Task, Other Interfaces
Use the version that matches where you are working now. The subject matter stays the same; the delivery changes by surface.
Do the work
- 1. Open the PAT page and locate the credential entry you want to remove.
- 2. Double-check the label, prefix, and status so you do not revoke the wrong key.
- 3. Use the revoke action on that entry.
- 4. Remove the raw token from any downstream system that was still using it.
Keep Going in Sessions and Personal Tokens
Stay in the same interface and move to the next closest task in this topic when needed.
Review Security Sessions
Use the sessions page to understand the current browser security context and active session state.
List Personal Access Tokens
Review the current personal API keys before creating a new one or revoking an old one.
Create a Personal Access Token
Create a human-owned API key with the narrowest useful scope set and store it safely because the raw token is only shown once.
Nearby Guides
These guides stay close to the current workflow so you can keep moving without restarting discovery.