This article aims to provide an explanation of personal access tokens and guide you through their creation and usage.
Table of Contents
What are personal access tokens?
A Personal Access Token (PAT) enhances the security and traceability of project-based API Access Tokens for POST, PUT, and DELETE API routes. With a PAT, it becomes possible to identify the user responsible for a specific action via the API, based on their token. Moreover, PATs can be restricted to specific API access scopes, reducing the potential impact of an exposed PAT.
For backward compatibility with existing implementations, PATs are presently mandatory only for the Order API routes. However, they will become optionally mandatory in a future iteration.
Personal access tokens are employed together with an API Access Token to authorize REST API requests, please see Applanga API usage requirements here. To utilize a personal access token in a request, you should include it in the request headers under the key X-Personal-Access-Token, as demonstrated in the example below:
curl -X POST "https://api.applanga.com/v1/api" \
-H "X-Personal-Access-Token: Your-Personal-Access-Token-Here" \
-H "Authorization: Bearer Your-AuthToken-Here"
How to create a personal access token
Make sure you are logged in to your Applanga dashboard and click on your name in the top right menu to reveal the drop down and click on Personal Access Tokens from the menu options.
Click the Add a new personal access token button to add a new token. Select the needed permissions(scopes) for the token. It is important to select the right permissions based on the operations the token is needed for. For example if the token is meant to be used to create Tags via Applanga REST API, then you need to select can_create_tags permission. See the Applanga REST API documentation to see the permissions needed for various operations.
Important Note Regarding Permissions: It is crucial to ensure that you have the appropriate permissions within any team or project where you intend to utilize a personal access token. Attempting to use your personal access token in teams or projects to which you do not belong or for which you lack adequate permissions will result in operation failures. For more information, please refer to the Applanga Roles and Permissions Guide.
Click Generate Personal Access Token to create the token and make sure to copy your new personal access token as it will only be displayed once after creation for security reasons. Click Done.
