Personal access tokens
Release date: 7th December 2023Link copied!
In this release we've introduced a new feature for developers: personal access tokens (PATs). PATs are a secure method of authorizing access to the Content Management and the account management features of the GraphQL Asset Management APIs. Because developers can generate PATs themselves, they are a self service alternative to an API key and secret.
Tokens are created per user and per organization and are only granted the permissions of the user that created them. PATs do not expire, making them particularly useful for applications such as back office automations.
Creating personal access tokensLink copied!
To create and manage PATs, use the GraphQL Asset Management API. You can create tokens in your own code or by using the GraphQL playground.
The image below shows how to create a PAT in the GraphQL playground using the createPersonalAccessToken
mutation.
Managing tokensLink copied!
Tokens are created per user and for a specific organization. The token provides only those permissions that the user has. The token is validated each time it is used in an API request. If a user has been removed from an organization or they no longer have sufficient permissions for a particular request, then an error will be returned.
Tokens are not set to expire but can be deleted. You can use the GraphQL Asset Management API to perform other operations on tokens, including listing all the tokens created by a user and deleting tokens.
You can find more information and examples on the personal access tokens page.