This article aims to provide an explanation of personal access tokens and guide you through their creation and usage.
Table of Contents
What are personal access tokens?
With a Personal Access Token (PAT), it becomes possible to identify the user responsible for a specific action via the Applanga Rest API, based on their token. Moreover, PATs can be restricted to specific access scopes, reducing the potential impact of an exposed PAT. PATs are used to authenticate all non project related Rest API routes. Additionally PATs enhance the security and traceability of project related routes for POST, PUT, and DELETE requests combined with the project related API Token.
In project related routes PATs are employed together with an Project API Token to authorize REST API requests, please see Applanga API usage requirements here. To utilize a PAT in a request, you should include it in the request header under the key X-Personal-Access-Token, as demonstrated in the example below:
curl -X POST "https://api.applanga.com/v1/api" \
-H "X-Personal-Access-Token: Your-Personal-Access-Token-Here" \
-H "Authorization: Bearer Your-Project-Api-Token-Here"
In non project related routes PATs are used to authorize the API request, as demonstrated in the example below:
curl -X GET "https://api.applanga.com/v1/api/projects" \
-H "Authorization: Bearer Your-Personal-Access-Token-Here"
How to create a personal access token
Make sure you are logged in to your Applanga dashboard and click on your name in the top right menu to reveal the drop down and click on Personal Access Tokens from the menu options.
Click the Add a new personal access token button to add a new token. Select the needed permissions(scopes) for the token. It is important to select the right permissions based on the operations the token is needed for. For example if the token is meant to be used to create Tags via Applanga REST API, then you need to select can_create_tags permission. See the Applanga REST API documentation to see the permissions needed for various operations.
Important Note Regarding Permissions: It is crucial to ensure that you have the appropriate permissions within any team or project where you intend to utilize a personal access token. Attempting to use your personal access token in teams or projects to which you do not belong or for which you lack adequate permissions will result in operation failures. For more information, please refer to the Applanga Roles and Permissions Guide.
Click Generate Personal Access Token to create the token and make sure to copy your new personal access token as it will only be displayed once after creation for security reasons. Click Done.
