#Access Tokens Overview - API Authentication Guide

Access Tokens allow secure programmatic access to the platform’s APIs. These tokens can be used in place of a password to authenticate API requests. They provide a secure way to integrate with CI/CD pipelines, automation scripts, and third-party integrations without exposing user credentials.

Important: Access tokens do not grant access to the UI. They are designed exclusively for API authentication.

#Core Concepts

#What are Access Tokens?

Access Tokens are unique, secret strings that authenticate API requests. They:

• Provide API Access: Allow programmatic access to the platform’s REST API
• No UI Access: Cannot be used to log into the web interface
• Role-Based: Each token has a scope (role) that determines what API endpoints it can access
• Expirable: Can have an optional expiration date for enhanced security
• Manageable: Can be created, edited, disabled, enabled, and deleted

#Token Scope (Roles)

Each access token is assigned a scope (role) that determines its permissions:

• Viewer: Read-only access to API endpoints
• Team Member: Standard read and write access
• Workspace Manager: Extended permissions for workspace management
• Administrator: Full access to most API endpoints
• Owner: Complete access to all API endpoints

The available scopes depend on your workspace’s role configuration.

#Accessing Access Tokens

#To access Access Tokens:

1. Navigate to the workspace by clicking on it from the Workspaces page.

2. In the workspace sidebar, click on “Access Tokens” or navigate to /workspace/:workspaceId/access-tokens.

3. As a result, you’ll see the Access Tokens page with a list of all access tokens in the workspace.

#Viewing Access Tokens

The Access Tokens page displays all tokens in a table format. Each row shows:

• Label: A descriptive name for the token (e.g., “CI Runner”, “Zapier Sync”)
• Token: The actual token string (partially masked for security)
• Scope: The role/permission level assigned to the token
• Created: When the token was created
• Expires: When the token expires (or “Not specified” if no expiry)
• Status: Whether the token is active or disabled
• Actions: Edit, enable/disable, delete, and copy buttons

#Token Display:

• Tokens are partially masked for security (only first 10 characters shown)
• Disabled tokens appear with reduced opacity
• Expired tokens are highlighted in red
• Active tokens show a copy button for easy copying

#Column Visibility:

You can customize which columns are visible:

1. Click the “Columns” button in the header
2. Toggle visibility for:
   • Label
   • Token
   • Scope
   • Created
   • Expires
   • Actions
3. The table updates immediately to show only selected columns

#Access Token Properties

Each access token has the following properties:

• Token ID: Unique identifier (email_id format)
• Label: User-defined name
• Token: The actual secret token string
• Scope: Role/permission level
• Created Date: When the token was created
• Expiry Date: Optional expiration date
• Status: Active or Disabled
• Last Used: (If tracked) When the token was last used

#Permissions

Access to access token management features depends on your role:

• Workspace Owner: Full access to all features
• Administrator: Can create, edit, disable, enable, and delete tokens
• Workspace Manager: Can create and edit tokens
• Team Member: Can view tokens (read-only)
• Viewer: Read-only access

#Next Steps

• Learn how to Create Access Tokens to generate new tokens
• Explore Managing Tokens to edit, disable, and delete tokens
• Check out Using Tokens for API authentication examples
• Review Security Best Practices for secure token management